Managing Bypass Domains
Bypass domains are websites that skip KyberGate's proxy inspection entirely. Traffic to these domains goes directly from the device to the internet without being filtered, inspected, or logged. Use bypass domains sparingly for sites that conflict with proxy inspection.
Before You Begin
- You need Admin role in KyberGate
- Understand that bypassed domains are completely unfiltered — no blocking, no logging, no SafeSearch
- Have a clear reason for bypassing (not just "a teacher asked")
When to Use Bypass Domains
Appropriate uses:
- Sites with certificate pinning that break under SSL inspection (e.g., some banking or government sites)
- Internal school resources hosted on private networks
- Standardized testing platforms that require direct connections (e.g., certain state assessment tools)
- Video conferencing tools that have quality issues through the proxy (e.g., Zoom, Google Meet)
Inappropriate uses:
- Sites a teacher wants unblocked → Use the Allow List in the filtering policy instead
- Sites that are slow → Check proxy region settings before bypassing
- "Just in case" entries → Every bypass is a gap in your protection
Adding a Bypass Domain
- Navigate to Settings → Network & Proxy → Bypass Domains
- Click "+ Add Domain"
- Enter the domain name (e.g.,
zoom.us) - Optionally add a note explaining why this domain is bypassed
- Choose the scope:
- All devices — Every managed device bypasses this domain
- Specific groups — Only selected device groups bypass this domain
- Click "Save"
Wildcard Entries
zoom.us— Bypasses only the exact domain*.zoom.us— Bypasses all subdomains of zoom.us*.*.zoom.us— Not supported; use*.zoom.usinstead
Managing Existing Bypass Domains
- View all: The bypass domain list shows each domain, who added it, when, and the note
- Edit: Click the domain to change its scope or note
- Disable temporarily: Toggle the domain off without deleting it
- Delete: Remove the domain to resume proxy inspection
Common Bypass Domains for Schools
These domains frequently need bypassing in school environments:
| Domain | Reason |
|---|---|
*.zoom.us |
Video conferencing quality |
*.webex.com |
Video conferencing quality |
*.state.*.us |
State assessment platforms |
*.collegeboard.org |
SAT/AP testing |
*.air.org |
Standardized testing (AIR) |
| Internal domains | School-hosted resources |
Auditing Bypass Domains
We recommend reviewing your bypass list quarterly:
- Go to Settings → Network & Proxy → Bypass Domains
- Sort by Date Added to find old entries
- For each entry, ask: "Is this still needed?"
- Remove any entries that no longer have a valid reason
- Document the review in your IT change log
Troubleshooting
- Bypass domain still being filtered? Ensure you included the correct subdomain pattern. Check that the device has synced its PAC file recently
- Site works without proxy but not with bypass? The issue might not be the proxy — check the site's own firewall or IP restrictions
- Too many bypass domains? If your list is growing beyond 20-30 entries, consider whether the proxy configuration or SSL certificate deployment needs attention
Tips
- Less is more: Every bypass domain is a blind spot in your filtering and monitoring. Keep the list minimal
- Document everything: Always add a note explaining why a domain was bypassed. Future admins will thank you
- Test after adding: Verify the bypass works by visiting the site on a managed device and confirming it no longer appears in activity logs
Related Articles
- How Web Filtering Works in KyberGate
- Network and Proxy Settings
- Certificate Installation Issues