
Allow to use CIDR notation in proxy rules

Open Stefomat opened this issue 3 months ago • 4 comments

Description

Hello,

being able to use different types of proxy rules is great. Domain, regex, wildcard, etc. This makes life easy when creating rules for domain names and URLs. But, I often want to connect to IP addresses that don't have a DNS record attached to them. Even worse, I want to create rules for whole networks and subnets.

Creating individual Host Regex rules for those is tedious, as I have to convert them all to regex. For example, creating a rule for subnet 192.168.1.0/25 results in the regex ^(192\.168\.1\.(?:[0-9]|[1-9][0-9]|1(?:[0-1][0-9]|2[0-7])))$. A subnet 192.168.0.0/20 gets even worse (^(192\.168\.(?:[0-9]|1[0-5])\.(?:[0-9]|[1-9][0-9]|1(?:[0-9][0-9])|2(?:[0-4][0-9]|5[0-5])))$).

Would you consider it feasible to implement a "CIDR network" type rule? In official Mozilla proxy auto configuration there is already a function that could serve as inspiration. (isInNet(host, pattern, mask))

Thanks

Is your feature request related to a problem? Please describe.

No response

Describe alternatives you've considered

No response

Any additional context

Using wildcard matching alone is not feasible in this case. Only certain network sizes (/8, /16, /24) can use wildcards (192.*, 192.168.*, 192.168.1.*)

Stefomat avatar Sep 29 '25 11:09 Stefomat

SmartProxy doesn't use PAC functions, as the proxy rules engine doesn't run in that environment and those functions are not available.

Adding CIDR would only make sense as a complement—similar to Match Pattern—since they would be converted to regex anyway.

salarcode avatar Sep 30 '25 00:09 salarcode

On second thought, at the time of checking rules, the IP is NOT available, just the hostname, so basically this is not possible to do in Firefox. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/proxy/RequestDetails

But in Chrome we do have access to that isInNet function, so we can make this a Chrome-only feature, which is not ideal!

This needs more thinking...

salarcode avatar Sep 30 '25 06:09 salarcode

Thanks for considering. Having the IP address available wouldn't be necessary in my opinion, as I'm using IP addresses directly as hostname in these cases, no DNS domain names involved. I'm thinking of it like this:

  1. Either, SmartProxy converts CIDR notation to HostRegex and uses that internally to test for a match (like here)
  2. Or, SmartProxy detects that a hostname is actually an IP address and checks if it is part of a subnet mentioned in a rule

Stefomat avatar Sep 30 '25 15:09 Stefomat

But well, this type of match would have to clarify that it would only work if the IP address is used as hostname. It wouldn't work for domain names that resolve to that IP address...

Stefomat avatar Sep 30 '25 15:09 Stefomat
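
Option 2 from the comments above (treat the hostname as an IP literal and test subnet membership), as an added example that is not SmartProxy's code. The function names `parseIPv4`, `parseCidr` and `hostMatchesCidr` are hypothetical and the sample hostnames are constructed. It covers IPv4 only and returns no match for domain names, which is the limitation noted in the last comment.

```javascript
// Added example: names are hypothetical, not SmartProxy APIs.

// Parse a canonical dotted-quad IPv4 literal into an unsigned 32-bit integer.
// Returns null for anything else (domain names, IPv6, octal/hex/short forms),
// so a hostname that merely resolves to an address never matches a CIDR rule.
function parseIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  let value = 0;
  for (const part of m.slice(1)) {
    // Reject leading zeros ("010") to avoid octal ambiguity.
    if (part.length > 1 && part[0] === "0") return null;
    const octet = Number(part);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// Parse "a.b.c.d/n" into { network, mask }, or null if the rule is malformed.
function parseCidr(cidr) {
  const m = /^([^/]+)\/(\d{1,2})$/.exec(cidr);
  if (!m) return null;
  const base = parseIPv4(m[1]);
  const bits = Number(m[2]);
  if (base === null || bits > 32) return null;
  // JS shift counts are taken modulo 32, so /0 needs an explicit case.
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  // Mask the base so a rule like 192.168.1.5/25 still names its network.
  return { network: (base & mask) >>> 0, mask };
}

// True only when host is an IPv4 literal inside the CIDR block.
function hostMatchesCidr(host, cidr) {
  const rule = parseCidr(cidr);
  const ip = parseIPv4(host);
  if (rule === null || ip === null) return false;
  return ((ip & rule.mask) >>> 0) === rule.network;
}

// Constructed sample hostnames checked against the two subnets from the issue.
for (const host of ["192.168.1.127", "192.168.1.128", "192.168.16.0", "intranet.example"]) {
  console.log(host, hostMatchesCidr(host, "192.168.1.0/25"), hostMatchesCidr(host, "192.168.0.0/20"));
}
```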