usingcurl/proxies/env.md; expand the noproxy section

Closes curl#261

usingcurl/proxies/env.md

@@ -6,27 +6,38 @@ it runs to see if a proxy is requested to get used.
 You specify the proxy by setting a variable named `[scheme]_proxy` to hold the
 proxy host name (the same way you would specify the host with `-x`). So if you
 want to tell curl to use a proxy when access an HTTP server, you set the
-'http_proxy' environment variable. Like this:
+`http_proxy` environment variable. Like this:
 
     http_proxy=http://proxy.example.com:80
     curl -v www.example.com
 
-While the above example shows HTTP, you can, of course, also set ftp_proxy,
-https_proxy, and so on. All these proxy environment variable names except
-http_proxy can also be specified in uppercase, like HTTPS_PROXY.
+While the above example shows HTTP, you can, of course, also set `ftp_proxy`,
+`https_proxy`, and so on. All these proxy environment variable names except
+`http_proxy` can also be specified in uppercase, like `HTTPS_PROXY`.
 
-To set a single variable that controls *all* protocols, the ALL_PROXY exists.
-If a specific protocol variable one exists, such a one will take precedence.
+To set a single variable that controls *all* protocols, the `ALL_PROXY`
+exists. If a specific protocol variable one exists, such a one will take
+precedence.
 
-When using environment variables to set a proxy, you could easily end up in a
-situation where one or a few host names should be excluded from going through
-the proxy. This is then done with the NO_PROXY variable. Set that to a comma-
-separated list of host names that should not use a proxy when being
-accessed. You can set NO_PROXY to be a single asterisk ('\*') to match all
-hosts.
+## No proxy
 
-As an alternative to the NO_PROXY variable, there is also a `--noproxy` command
-line option that serves the same purpose and works the same way.
+You sometimes end up in a situation where one or a few host names should be
+excluded from going through the proxy that normally would be used. This is
+then done with the `NO_PROXY` variable. Set that to a comma- separated list of
+host names that should not use a proxy when being accessed. You can set
+`NO_PROXY` to be a single asterisk ('\*') to match all hosts.
+
+If a name in the exclusion list starts with a dot (`.`), then the name will
+match that entire domain. For example `.example.com` will match both
+`www.example.com` and `home.example.com` but not `nonexample.com`.
+
+As an alternative to the `NO_PROXY` variable, there is also a `--noproxy`
+command line option that serves the same purpose and works the same way.
+
+Since curl 7.86.0, a user can exclude an IP network using the CIDR notation:
+append a slash and number of bits to an IP address to specify the bit size of
+the network to match. For example, match the entire 16 bit network start
+starts with `192.168` by providing the pattern `192.168.0.0/16`.
 
 ## `http_proxy` in lower case only
 
@@ -35,11 +46,12 @@ than the others. It is only accepted in its lower case version because of the
 CGI protocol, which lets users run scripts in a server when invoked by an HTTP
 server. When a CGI script is invoked by a server, it automatically creates
 environment variables for the script based on the incoming headers in the
-request. Those environment variables are prefixed with uppercase `HTTP_`!
+request. Those environment variables are prefixed with uppercase `HTTP_`.
 
-An incoming request to an HTTP server using a request header like `Proxy: yada`
-will therefore create the environment variable `HTTP_PROXY` set to contain
-`yada` before the CGI script is started. If that CGI script runs curl…
+An incoming request to an HTTP server using a request header like `Proxy:
+yada` will therefore create the environment variable `HTTP_PROXY` set to
+contain `yada` before the CGI script is started. If such a CGI script runs
+curl, it is important that curl does not treat that as a proxy to use.
 
 Accepting the upper case version of this environment variable has been the
 source for many security problems in lots of software through times.

wordlist.txt

@@ -53,6 +53,7 @@ CharConv
 charset
 charsets
 checksums
+CIDR
 CIFS
 CLA
 CLAs