CIDR support for proxy bypass list

[HeroCC]

Feature or enhancement

Proposal:

I propose adding universal support for CIDR-notation IP addresses when reading NO_PROXY / the OS-specific equivalents.

Currently, support for NO_PROXY is a bit inconsistent, both across the ecosystem and within Python. On MacOS using SystemConfiguration, CIDR is supported out of the box, as is the short notation 10.0. The default implementation and the windows nt ProxyOverride registry key do not. Go and curl and wget all support CIDR notation, so despite not being standardized, there is precedent towards this.

In some environments, all outbound traffic is required to go through a proxy. However, traffic to internal services is allowed to be direct (for performance, or inherent trust, or any other reason). An example NO_PROXY may look like NO_PROXY=localhost,.localhost,127.0.0.1,127.0.0.2,0.0.0.0,169.254.169.254,10.0.0.0/8,.internal.,.internal,.local.,.local.

Has this already been discussed elsewhere?

I have already discussed this feature proposal on Discourse

Links to previous discussion of this feature:

https://discuss.python.org/t/support-cidr-notation-in-no-proxy/66292 - discussion was tepid but leant towards yes if a good PR was proposed. I'm working on that in tandem with this gh ticket.

Windows specifically: #149136

More generally: https://about.gitlab.com/blog/we-need-to-talk-no-proxy/

Linked PRs

• gh-149746: Support CIDR entries in NO_PROXY #149744

[picnixz]

Note: I was the one suggesting to support CIDR notation for NO_PROXY.