This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Support for proxy exceptions (e.g. NO_PROXY env var) #9088

Closed
Bubu opened this issue Jan 12, 2021 · 3 comments

Bubu commented Jan 12, 2021

Description:

Or I guess another way of specifying domains/hosts which should be exempt from proxy-ing.

From the curl man page:

      NO_PROXY <comma-separated list of hosts/domains>
              list of host names that shouldn't go through any proxy. If set to an asterisk '*' only, it matches all hosts. Each name in this list is matched as either a domain name which contains the hostname, or the hostname itself.

              This environment variable disables use of the proxy even when specified with the -x, --proxy option. That is NO_PROXY=direct.example.com curl -x http://proxy.example.com http://direct.example.com accesses the target URL
              directly, and NO_PROXY=direct.example.com curl -x http://proxy.example.com http://somewhere.example.com accesses the target URL through the proxy.

              The list of host names can also be include numerical IP addresses, and IPv6 versions should then be given without enclosing brackets.

              IPv6 numerical addresses are compared as strings, so they will only match if the representations are the same: "::1" is the same as "::0:1" but they don't match.

I don't currently know how this would interact with the ip_range_blacklist 🤔

Bubu changed the title from "Support for NO_PROXY env var" to "Support for proxy exceptions (e.g. NO_PROXY env var)" on Jan 12, 2021

Bubu commented Jan 12, 2021

> I don't currently know how this would interact with the ip_range_blacklist 🤔

The reason why this interacts at all is #9084, as the blacklist is not applied for connections going through the proxy.

I think that the simplest and sanest solution would be that everything not going through the proxy (because it's in NO_PROXY) would then be subject to the blacklist/whitelist again, and if you need to connect to an internal IP for something, that should be explicitly mentioned in the whitelist.
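
The policy proposed in the comment above, sketched as an added example that is not part of the original thread and is not Synapse's code: hosts matched by NO_PROXY go direct and are checked against the IP blacklist/whitelist again, everything else goes to the proxy. The function names, the whitelist-overrides-blacklist ordering, the label-boundary suffix match and the sample hosts and ranges are assumptions.

```python
import ipaddress


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def bypasses_proxy(host, no_proxy):
    """NO_PROXY match following the curl man page text quoted in the issue."""
    host = host.lower().rstrip(".")
    entries = [e.strip().lower() for e in no_proxy.split(",") if e.strip()]
    if entries == ["*"]:  # a lone asterisk matches every host
        return True
    for entry in entries:
        if host == entry:  # exact name; IPs compare as strings ("::1" != "::0:1")
            return True
        # Assumption: "domain name which contains the hostname" means a suffix
        # match on a label boundary, applied to names only, not IP literals.
        if not _is_ip(host) and host.endswith("." + entry):
            return True
    return False


def route(host, resolved_ips, no_proxy, blacklist, whitelist):
    """Return 'proxy', 'direct' or 'blocked' for one outbound request."""
    if not bypasses_proxy(host, no_proxy):
        return "proxy"  # the thread notes the blacklist is not applied on this path
    allow = [ipaddress.ip_network(n) for n in whitelist]
    deny = [ipaddress.ip_network(n) for n in blacklist]
    for ip in map(ipaddress.ip_address, resolved_ips):
        if any(ip in net for net in allow):  # assumption: whitelist wins
            continue
        if any(ip in net for net in deny):
            return "blocked"
    return "direct"


# Constructed sample configuration (not taken from the issue).
NO_PROXY = "internal.example,192.0.2.10"
BLACKLIST = ["10.0.0.0/8", "192.0.2.0/24", "::1/128"]

if __name__ == "__main__":
    for host, ips in [("db.internal.example", ["10.0.0.5"]),
                      ("remote.example.org", ["203.0.113.7"]),
                      ("192.0.2.10", ["192.0.2.10"])]:
        print(host, route(host, ips, NO_PROXY, BLACKLIST, ["192.0.2.10/32"]))
```

The caller passes in the addresses the host resolved to, so the check runs on the IPs the direct connection would actually use rather than on the name alone.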


Bubu commented Jan 12, 2021

Ah, there's an issue here already: matrix-org/synapse-dinsic#70


Bubu commented Mar 12, 2021

I believe this is fixed since 1.29 via #9372

Bubu closed this as completed Mar 12, 2021