
no_proxy_hosts setting doesn't accept CIDR #19114

@MagicRB

Description

I put the standard private network ranges into no_proxy_hosts (also tried it via ENV var no_proxy, and NO_PROXY):

  no_proxy_hosts = [
    "10.0.0.0/8"
    "127.0.0.0/8"
    "172.16.0.0/12"
    "192.0.0.0/24"
    "192.168.0.0/16"
    "198.18.0.0/15"
  ];

(gets converted into YAML)

But the app service request toward 172.20.20.22 was failing with a timeout. I then added 172.20.20.22 into the no_proxy_hosts list and it started working.

Digging into the code a bit:

Here the list of no_proxy_hosts gets passed to proxy_bypass_environment, which is a urllib function that in CPython is defined here. As you can see, nowhere does it consider CIDR or IP ranges, as documented by the Synapse documentation:

(array) List of hosts, IP addresses, or IP ranges in CIDR format which should not use the proxy. Synapse will directly connect to these hosts. For more details, see the forward proxy documentation. There is no default for this option.

Either the documentation needs to be amended or CIDR + IP ranges implemented.

P.S.:

It will not be used for:

Application Services

and yet my HS -> appservice connection was failing

Steps to reproduce

  1. deploy synapse
  2. deploy an appservice (mautrix-discord in my case)
  3. deploy a forward proxy (apache in my case) and point synapse at it with http_proxy and https_proxy
  4. exclude the private network range where the appservice resides using no_proxy_hosts
  5. observe HS -> appservice connection timeouts because it's going through the forward proxy

Homeserver

matrix.redalder.org

Synapse Version

v1.138

Installation Method

Other (please mention below)

Database

PostgreSQL

Workers

Multiple workers

Platform

Configuration

No response

Relevant log output

Oct 30 21:35:04 server container matrix-synapse[2474815]: 2025-10-30 22:35:04,422 - synapse.http.client - 467 - INFO - as-recoverer-26 - Error sending request to  PUT http://172.20.20.22:29334/_matrix/app/v1/transactions/5990035: RequestTimedOutError 504: Timeout waiting for response from remote server
Oct 30 21:35:04 server container matrix-synapse[2474815]: 2025-10-30 22:35:04,423 - synapse.appservice.api - 412 - WARNING - as-recoverer-26 - push_bulk to http://172.20.20.22:29334 received code=504 msg=Timeout waiting for response from remote server
Oct 30 21:35:04 server container matrix-synapse[2474815]: 2025-10-30 22:35:04,423 - synapse.appservice.scheduler - 513 - INFO - as-recoverer-26 - Scheduling retries on mudiscord in 16.000000s

Anything else that would be useful to know?

No response
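
The matching behaviour this report describes can be reproduced with the Python standard library alone. The following is an added example, not code from the report or from Synapse: it feeds the report's ranges to `urllib.request.proxy_bypass_environment` and compares the result with `cidr_aware_bypass`, a hypothetical helper (along with `urllib_bypass` and `_strip_port`) that treats IP and CIDR entries as networks.

```python
import ipaddress
from urllib.request import proxy_bypass_environment

# Ranges from the report; the appservice address used below is also the report's.
NO_PROXY = ["10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12",
            "192.0.0.0/24", "192.168.0.0/16", "198.18.0.0/15"]

def urllib_bypass(host, entries=NO_PROXY):
    """Decision made by the stdlib helper: exact and dotted-suffix string matches only."""
    return bool(proxy_bypass_environment(host, proxies={"no": ",".join(entries)}))

def _strip_port(host):
    if host.startswith("["):                 # "[v6]:port"
        return host[1:host.index("]")]
    if host.count(":") == 1:                 # "name:port" or "v4:port"
        return host.split(":", 1)[0]
    return host                              # bare name, IPv4 or IPv6

def cidr_aware_bypass(host, entries=NO_PROXY):
    """Hypothetical check: IP/CIDR entries are networks, anything else a DNS suffix."""
    hostonly = _strip_port(host).lower()
    try:
        addr = ipaddress.ip_address(hostonly)
    except ValueError:
        addr = None                          # destination is a hostname
    for entry in (e.strip() for e in entries):
        if entry == "*":
            return True
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            net = None                       # entry is a hostname or suffix
        if net is not None:
            if addr is not None and addr.version == net.version and addr in net:
                return True
            continue
        name = entry.lstrip(".").lower()
        if name and (hostonly == name or hostonly.endswith("." + name)):
            return True
    return False

if __name__ == "__main__":
    for target in ("172.20.20.22:29334", "8.8.8.8:443"):
        print(target, "urllib:", urllib_bypass(target),
              "cidr-aware:", cidr_aware_bypass(target))
```

The helper does no DNS resolution, so a destination given as a hostname is only ever compared against hostname entries, never against the CIDR ranges.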
