HTTP proxy adapters.
This crate constructs HTTP clients that respect the system’s proxy configuration.
This crate is developed as part of Materialize, the streaming data warehouse. Contributions are encouraged:
All features are disabled by default. You will likely want to enable at least one of the following features depending on the HTTP client library you use:
hyperfeature enables the proxy adapters for use with the
reqwestfeature enables the proxy adapters for use with the
reqwest by default will perform its own determination of the
system proxy configuration, but its support for
no_proxy is not as
complete as the implementation in this crate.
The system’s proxy configuration is governed by four environment variables,
no_proxy, whose meanings are
nonstandard and vary widely from tool to tool. Materialize implements a
subset of the behavior that has been empirically determined to be common to
many other HTTP clients.
With the exception of
http_proxy, environment variables may be specified
in all lowercase, as written above, or in all uppercase (e.g,
http_proxy is accepted in lowercase only because the
HTTP_PROXY can be controlled by attackers in CGI environments, as
in golang/go#16405. If an environment variable is specified in both
lowercase and uppercase, the lowercase variable takes precedence.
https_proxy environment variables specify the URL of
a proxy server to use when routing HTTP and HTTPS traffic, respectively. The
all_proxy environment variable specifies a proxy server that applies to
both HTTP and HTTPS traffic.
https_proxy take precedence
no_proxy environment variable is a comma-separated list specifying
hosts to exclude from proxying. It takes precedence over the other
environment variables. Each entry in the list must be:
- an IP address followed by an optional port (e.g.,
- an IP address prefix in CIDR notation (e.g.,
- a domain name followed by an optional port (e.g.,
Whitespace surrounding an entry is ignored.
IPv6 addresses cannot contain whitespace inside the
or they will be treated as domains. IPv6 addresses that are followed by a
port specification must be surrounded by
] or the port will be
considered part of the IPv6 address. (The implementation technically allows
IPv4 addresses to be wrapped in square brackets as well, for compatibility
with other tools, but this should not be relied upon.)
no_proxy matching never involves DNS resolution, so a
no_proxy value of
188.8.131.52 will exclude requests that literally mention the IP in the URL
http://184.108.40.206) from proxying, but not requests to
Domain names in
no_proxy match all subdomains, so a
no_proxy value of
materialize.com will exclude requests to both
cloud.materialize.com from proxying. For compatibility with other tools,
domain names can include one optional
. character at the start, which is
Invalid entries in the list are silently ignored.
no_proxy environment variable is set to the special value
all addresses will be excluded from proxying.
For further details on these environment variables, see the GitLab blog article “We need to talk: can we standardize NO_PROXY?”.