AFansHub

[Help] macOS Sequoia 15.2 system proxy problem, some applications cannot use the system proxy

by Poster May 9, 2025 17
# # Problem Description I'm currently running into a problem regarding the macOS system agent as follows: * * System environment * *: macOS Sequoia 15.2 * * Network Connection * *: Wired connection to the company's intranet, using static IP * * Proxy settings * *: Configure the system proxy in the system preferences to access the external network # # specific questions * * Working apps * *: Apps such as Edge browser can access the external network normally * * Applications that do not work properly * *: * Safari browser cannot browse the external network (accessing the internal network is normal) * Firefox browser cannot browse the external network (accessing the internal network is normal) * App Store cannot connect * Homebrew in Terminal does not work properly # # Try and Discover I suspected that system proxy didn't proxy all network traffic, so I tried using Proxifier for global proxy (instead of using system proxy). It was found that: * With Proxifier, both Safari and Terminal can access the network normally * But Proxifier only has a 30-day free trial # # My Question 1. Is this a system bug in macOS system proxy? 2. Why can some applications use the system agent normally, while others can't? 3. Is there any other solution that can not rely on Proxifier but allow all applications to go through proxy? Thank you all V friends for your help!

Replies

  • Anonymous1831 May 9, 2025
    It is up to the application to decide whether to walk the system agent or not. Some take the system proxy, some need to be set separately, and some don't take the proxy at all. This is why a "transparent proxy" is needed, which acts as a gateway proxy for all the traffic that passes through. If you don't want to pay for proxifier, try the enhanced mode/VPN mode of software such as clash/shadowrocket
  • Anonymous7893 May 9, 2025
    @ Anonymous1831 1st Floor Correct solution
  • Anonymous3856 May 9, 2025
    You try surge's virtual tun
  • Anonymous163 May 9, 2025
    As mentioned on the first floor, the Surge and Clash enhanced modes can be solved
  • Poster May 9, 2025
    @ Anonymous1831 @ Anonymous3856 @ Anonymous163 Thanks for the reply! When I set up the proxifier, I need to check "Use target hostname in proxy request if available" to access the external network. However, when using Surge and other network proxy tools, I don't seem to see similar options. I guess whether the proxy server is possible through the local mac address or ip to judge whether it is a proxy? Or the enhanced mode of Surge Clash, will the virtual network card change some local characteristics so that the proxy server can't recognize it? Show proxy server timeout when using Surge (Please bear with me if there are common sense mistakes)
  • Anonymous5495 May 9, 2025
    proxifier has a free activation code
  • Anonymous8449 May 9, 2025
    @ Poster In your case, you need to add a node to surge. This node is that http proxy and then use enhanced mode to take over all traffic and go to that proxy Your company's network solution is still too primitive... Why do you still use the form of manual agent allocation?
  • Anonymous8449 May 9, 2025
    @ Poster use target hostname means that dns parsing should also go to proxy instead of parsing first and then go to the proxy to access it with IP By default, software such as surge hits the proxy rules and uses the proxy dns, so there should be no problem In addition, you should also learn the basic computer network. The network here should be router-Mac en0-Mac surge tun-Mac app will not affect the router-Mac en0 There is no problem you raised that the proxy server cannot be recognized
  • Anonymous4674 May 9, 2025
    Because Terminal bypasses the macOS network framework and directly initiates network requests, it does not use the system proxy and needs to be configured separately, or a transparent proxy can be built on the LAN. Add in the local configuration ~/. zshrc, automatically obtain the en0 network card ip (can be changed according to your own network card), configure the proxy, replace proxy _ port with your own actual one, add no _ proxy to bypass the proxy, restart Terminal after configuration, and enter Proxy on for Terminal to open the proxy, Proxy off to close the proxy: function proxy () { local ip = $(ipconfig getifaddr en0) Export all _ proxy = "socks5://$ip: proxy _ port" Export http _ proxy = "http://$ip: proxy _ port" Export https _ proxy = "http://$ip: proxy _ port" Export no _ proxy = "npmjs.org" echo "Proxy on" } function uproxy () { Unset all _ proxy http _ proxy https _ proxy no _ proxy echo "Proxy off" } Or configure directly, write the ip and port to death, and restart the terminal to take effect directly Export all _ proxy = "socks5://$ip: proxy _ port" Export http _ proxy = "http://$ip: proxy _ port" Export https _ proxy = "http://$ip: proxy _ port" Export no _ proxy = "npmjs.org"
  • Anonymous4674 May 9, 2025
    @ Anonymous4674 Clerical error, it is to enter proxy to turn on, uproxy to turn off
  • Poster May 9, 2025
    @ Anonymous8449 Japanese IT is extremely backward... Never change things as long as they work I tried adding this https proxy to the proxy, but the access keeps failing, I don't know if there is something wrong with the authentication in the proxy server
  • Poster May 9, 2025
    @ Anonymous4674 Thanks for replying Because the notebook I use sometimes takes it home, every time I use the terminal, using export https _ proxy can indeed make the terminal go as a proxy. I am worried that if I directly join the local configuration and use other networks, there will be problems. For the time being, I still open it every time. Set it separately when terminal
  • Anonymous4674 May 9, 2025
    So you can add two functions, execute proxy on, uproxy off, more flexible
  • Poster May 9, 2025
    @ Anonymous8449 Thanks! Just went to check Surge's description of DNS: By default, the DNS resolve always happens on the remote proxy server since Surge always sends proxy requests with domains. It should be the same as you said before, and there is no special change required. Because it is basically difficult to contact network-related issues in the traditional engineering industry, computer-related knowledge is learned only when you encounter problems. Thank you for the answer
  • Anonymous10308 May 9, 2025
    Don't upgrade, use the LTS version like Monterey.
  • Anonymous5496 May 9, 2025
    The system proxy here can be simply understood as a configuration item, and the program can choose to read this configuration + its own internally implemented proxy protocol to go to the proxy. Therefore, this system proxy has nothing to do with letting all the system traffic go through the proxy.
  • Anonymous551 May 10, 2025
    Safari is supposed to be a System Proxy that will follow the system configuration, so it is recommended to check if limited network DNS is set?