Bypass list

​Akamai​ maintains a list of domains that bypass ​SIA​ Proxy for compliance and performance reasons.

There are also applications that send non-web traffic such as Session Initiation Protocol (SIP) or XMPP over TLS, utilize certificate pinning, or are incompatible with the TLS MITM certificate that is generated or uploaded in ​SIA​ and required for ​SIA​ Proxy. ​SIA​ offers a policy setting that allows you to allow or block domains that use an unsupported protocol or are incompatible. By default, the Block Incompatible Domains policy setting is not enabled. As a result, these domains bypass ​SIA​ Proxy. To block these domains, see Allow or block domains incompatible with TLS MITM certificate.

📘

If you enable the Block Incompatible Domains setting, the ​Akamai​ domains listed in this table are blocked.

Policy conflicts may occur if multiple lists are assigned to a policy and they contain domains from the bypass list. To learn more about policy conflicts, see Policy conflicts.

​Akamai​ frequently evaluates this list and may add more domains. The bypass list currently contains these domains.

ServiceDomain
​Akamai​
  • akamai.com
  • akamaihd.net
  • akamaietp.net
  • akanev.net
  • akaetp.net
  • akamaized.net
  • akamai-access.com
  • aktrials.com
  • akamaitechnologies.com
  • akadns.net
  • akamaiapis.net
  • akamai-access.com
  • akasecure.net
  • etp-research.info
  • akamaietpmitmbypasstest.com

Apple
  • apple.com
  • mzstatic.com
  • setup.icloud.com
  • gateway.icloud.com

Cisco
  • webex.com
  • wbx2.com
  • ciscospark.com
  • webexcontent.com


These IP subnets for Webex media services also bypass the proxy:

  • 20.50.235.0/24
  • 66.114.160.0/20
  • 20.53.87.0/24
  • 66.163.32.0/19
  • 20.57.87.0/24
  • 69.26.160.0/19
  • 20.68.154.0/24
  • 114.29.192.0/19
  • 20.76.127.0/24
  • 150.253.128.0/17
  • 20.108.99.0/24
  • 170.72.0.0/16
  • 20.120.238.0/23
  • 170.133.128.0/18
  • 23.89.0.0/16
  • 173.39.224.0/19
  • 40.119.234.0/24
  • 173.243.0.0/20
  • 44.234.52.192/26
  • 207.182.160.0/19
  • 52.232.210.0/24
  • 209.197.192.0/19
  • 62.109.192.0/18
  • 210.4.192.0/20
  • 64.68.96.0/19
  • 216.151.128.0/19

  • Dropbox
    • client.dropbox.com
    • d.dropbox.com
    • dropboxstatic.com
    • telemetry.dropbox.com
    • dl-debug.dropbox.com
    • client-web.dropbox.com
    • bolt.dropbox.com
    • dropboxapi.com

    Google
    • accounts.google.com
    • accounts.youtube.com
    • ssl.gstatic.com
    • mail-attachment.googleusercontent.com
    • apidata.googleusercontent.com
    • mtalk.google.com
    • googleapis.com
    • googlehosted.l.googleusercontent.com

    Microsoft
    • msftncsi.com
    • msftconnecttest.com
    • crl.microsoft.com
    • activity.windows.com
    • teams.events.data.microsoft.com

    Online Certificate Status Protocol
    • ocsp.digicert.com
    • ocsp.identrust.com
    • ocsp.affirmtrust.com
    • ocsp.comodoca.com
    • ocsp.comodoca2.com
    • ocsp.comodoca3.com
    • ocsp.comodoca4.com
    • ocsp.entrust.net
    • ocsp.geotrust.com
    • ocsp.globalsign.com
    • ocsp.godaddy.com
    • ocsp.netsolssl.com
    • ocsp.omniroot.com
    • ocsp.quovadisglobal.com
    • ocsp.root-x1.letsencrypt.org
    • ocsp.starfieldtech.com
    • ocsp.startssl.com
    • ocsp.swisssign.net
    • ocsp.thawte.com
    • ocsp.trust-provider.com
    • ocsp.trustwave.com
    • ocsp.usertrust.com
    • ocsp.verisign.com
    • ocsp.wosign.com
    • ocsp.ws.symantec.com
    • ocsp1.wosign.com
    • ocsp2.wosign.cn

    Other
    • lastline.com
    • ooklaserver.net
    • morganstanleyclientserv.com
    • aa.online-metrix.net
    • zoom.us
    • cloudsink.net
    • hostupdate.vmware.com
    • paloaltonetworks.com
    • trendmicro.com
    • nai.com
    • mcafee.com
    • liveupdate.symantecliveupdate.com

    Domains for Microsoft 365 Traffic

    These domains also bypass ​SIA​ Proxy if you enable the Bypass Microsoft 365 Traffic setting in a policy. The Bypass Microsoft 365 Traffic setting retrieves the latest domains associated with Microsoft apps and services. As a result, these domains may change.

    Domains
    • substrate.office.com
    • outlook.ha.office365.com
    • outlook.ms-acdc.office.com
    • ms-acdc.office.com
    • acdc-direct.office.com
    • outlook.live.com
    • edge.microsoft.com
    • yammer.com
    • azureedge.net
    • bing.com
    • onmicrosoft.com
    • outlook.com
    • cloudapp.net
    • sharepoint.com
    • microsoft.com
    • platform.linkedin.com