curl to NO_PROXY CIDR addresses are not working as expected
Environment
- Red Hat OpenShift Container Platform (RHOCP)
  - 4
- Red Hat Enterprise Linux (RHEL)
  - 8
  - 9
  - 10
Issue
- When curl is run against any IP address from a CIDR range specified in the NO_PROXY variable, the request goes through the proxy server.
Resolution
- Update to RHEL 10, which supports CIDR for the NO_PROXY variable.
- The issue is fixed in RHEL 9.7 with curl-7.76.1-34.el9 or later through RHBA-2025:20626.
- JIRA RHEL-86910 has been raised to fix the issue in a future release of RHEL 8.
Workaround
- Add a comma-separated list of IP addresses to the NO_PROXY variable, then try the curl command again:

      $ export NO_PROXY="10.0.0.1,10.0.0.12"
      $ curl -i -k https://10.0.0.1:8443
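The workaround above needs every address spelled out, so this added example (not Red Hat's code) rewrites a NO_PROXY value by replacing each IPv4 CIDR entry with the explicit addresses it covers. The function names and the /24 size limit are assumptions of the example, and the sample value is constructed.

```sh
#!/bin/sh
# Added example (not Red Hat's code): expand IPv4 CIDR entries in NO_PROXY.
# Function names and the MIN_PREFIX limit are assumptions of this example.

MIN_PREFIX=24   # assumed limit: refuse ranges larger than 256 addresses

is_ipv4_cidr() { # true for entries shaped like a.b.c.d/nn
    case $1 in
        *[!0-9./]*|*/*/*|*.*.*.*.*) return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

expand_cidr() { # print every address in the range, comma-separated
    net=${1%/*}; prefix=${1#*/}
    if [ "$prefix" -lt "$MIN_PREFIX" ] || [ "$prefix" -gt 32 ]; then
        echo "refusing to expand $1: prefix must be /$MIN_PREFIX to /32" >&2
        return 1
    fi
    old_ifs=$IFS; IFS=.; set -- $net; IFS=$old_ifs
    count=$(( 1 << (32 - prefix) ))
    # Mask off the host bits so a non-aligned entry still starts at the network.
    start=$(( (($1 << 24) | ($2 << 16) | ($3 << 8) | $4) & ~(count - 1) ))
    i=0; list=""
    while [ "$i" -lt "$count" ]; do
        n=$(( start + i ))
        ip="$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
        list="${list:+$list,}$ip"
        i=$(( i + 1 ))
    done
    printf '%s\n' "$list"
}

expand_no_proxy() { # rewrite a NO_PROXY value, replacing each CIDR entry
    result=""; rest=$1
    while [ -n "$rest" ]; do
        entry=${rest%%,*}
        case $rest in *,*) rest=${rest#*,} ;; *) rest="" ;; esac
        if is_ipv4_cidr "$entry"; then
            entry=$(expand_cidr "$entry") || return 1
        fi
        result="${result:+$result,}$entry"
    done
    printf '%s\n' "$result"
}

# Constructed sample, modelled on the diagnostic output on this page.
expand_no_proxy ".cluster.local,.svc,192.0.2.0/30"
```

Host names and single addresses pass through unchanged, and a range wider than the limit makes the function fail rather than emit a partial list.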
Root Cause
- According to the curl manual, NO_PROXY needs a comma-separated list of hosts or IP addresses, and CIDR addresses are not an acceptable value.
Diagnostic Steps
- Check if the NO_PROXY variable contains CIDR addresses:

      [root@testcluster]# env | grep -i proxy
      NO_PROXY=.cluster.local,.svc,10.0.0.0/24,192.0.2.0/24
      HTTPS_PROXY=http://<proxy-server>
      HTTP_PROXY=https://<proxy-server>

- Although 192.0.2.0/24 is included in NO_PROXY, the curl request below would still go through the proxy server:

      [root@testcluster]# curl -v -k https://192.0.2.1:8443
      * About to connect() to proxy <proxy-server> (#0)
      * Trying 10.0.0.5...
      * Connected to <proxy-server> (10.0.0.5) (#0)
      * Establish HTTP proxy tunnel to 192.0.2.1:8443
      * Proxy auth using Basic with user '<proxy user>'
      > CONNECT 192.0.2.1:8443 HTTP/1.1
      > Host: 192.0.2.1:8443
      ...
      < HTTP/1.1 503 Service Unavailable
      < Server: squid/4.9
      < Mime-Version: 1.0
      ...
      * Received HTTP code 503 from proxy after CONNECT

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.