Safari 17 Proxy Exceptions limit
Safari version 17 which is available on later versions of macOS has new limitations relating to the proxy Exceptions list. The Exceptions list is often used to instruct the browser to completely bypass sending requests to a HTTP or SOCKS proxy (as used by the macOS Agent), which is useful for applications that do not support proxying very well, such as Microsoft Teams.
Safari version 17 will stop sending requests to the configured proxies if the Exceptions list is greater than 88 separate entries or 704 characters, whichever comes first. This means that the Safari browser will not be subject to content filtering / URL blocking if the Exceptions list becomes too large. The issue appears only with Safari version 16+ and is not an issue for other browsers such as Chrome or Firefox.
All customers are encouraged to review their Exceptions list and consider the following changes:
- move any exceptions that do not need a full bypass to a Custom URL category
- trim or truncate any long exceptions, for example
a.b.c.d.domain.comcould possibly be shortened to
- if you are unable to perform the above steps, consider temporarily enforcing the use of Google Chrome or Mozilla Firefox browser instead
- consider moving the Exceptions list to a Proxy Auto-Discovery file (.pac) however note this may not be supported by all applications
Whilst this issue is not specific to the Unified Security Service macOS agent we are taking steps to address the issue and will update this article with any further news.