How to bypass an upstream proxy for a specific domain

Article #: Product Castle


This article explains how to bypass an upstream proxy for a specific domain.


An upstream proxy is in use but some domains should not be requested via the upstream proxy.

This can be solved using the upstream proxy section and the filters associated with that section. The final setup does have to use a bit of reverse logic though.


  1. Define the upstream proxy — see
  2. Define a destination upstream proxy filter, including the domain you want to bypass the upstream proxy for — see
  3. Go to the Manage policies page, and configure the following:
    • Default upstream proxy — None
    • Allow direct connections — Selected
    • Leak client IP with X-forwarded-For header — Not selected
  4. Add the following policies:
    • A policy to block the destination filter from going to the upstream proxy
    • A policy to allow everything else to the upstream proxy

    Ensure the policies are the order listed above. The logic sequence is: If you're going to the destination, we don't want to be sent via the upstream proxy. Deny the destination from going via the upstream proxy. If we are going anywhere else but the filter destination, use the upstream proxy. What's left is the destination filter and the "no default upstream proxy" setting so the destination filter traffic will use that.

  5. Save and restart the web proxy — see


Last updated: Author: Contributions by:
25 August 2016   Tanja