Bypass proxy for exclusion list not applied

Environment

• Knox SDK
• Android Enterprise
• Android 14 or higher

Overview

When using a Wi-Fi proxy configuration with a Bypass proxy for exclusion list that contains more than 512 characters on devices running Android 14 or higher, you may encounter an issue where the system silently rejects the entire proxy configuration.

When the 512-character limit is exceeded, the proxy configuration doesn’t apply at the network level. The proxy appears inactive in device settings, showing the mode as None, and all network traffic bypasses the intended proxy server.

This behavior occurs regardless of how the proxy is configured — whether deployed through an Enterprise Mobility Management (EMM) solution or set up manually through the device’s Wi-Fi settings.

Cause

The character limitation is enforced by a security restriction implemented in the Android Open-Source Project (AOSP). This restriction prevents potential denial-of-service (DoS) attacks against the Wi-Fi configuration system by enforcing a strict 512-character limit on proxy exclusion lists.

The restriction operates within the WifiConfigurationUtil component during Wi-Fi configuration validation and applies to devices running Android 14 or higher.

Resolution

To resolve this issue, admins must:

• Keep proxy exclusion lists under 512 characters. Count only the actual domain names and IP addresses — comma separators don’t count toward this limit.
• Check the exclusion list’s allowed character length before applying Wi-Fi configurations through EMM solutions or when using programmatic methods like Android’s WifiConfiguration.setHttpProxy(ProxyInfo).