HTTP

407 - Proxy Authentication Required

Getting a 407 Proxy Authentication Required means the proxy server needs authentication before forwarding your request—similar to 401 but for proxy-level authentication. This client-side error (4xx) happens when corporate proxies, VPN gateways, or network proxies require credentials. Most common in enterprise networks with authenticated proxies, but also appears when proxy credentials expire, Proxy-Authorization headers are missing, or proxy configuration is incorrect.

#Common Causes

  • Frontend: Missing Proxy-Authorization header. Proxy credentials expired or invalid. Browser proxy settings not configured. Client doesn't support proxy authentication. Proxy-Authorization format incorrect.
  • Backend: Proxy server requires authentication. Proxy credentials validation fails. Proxy authentication middleware rejects credentials. Proxy session expired.
  • Infrastructure: Corporate proxy enforces authentication. VPN gateway requires proxy auth. Network proxy configuration requires credentials. Load balancer proxy authentication.

Solutions

  1. 1Step 1: Diagnose - Check DevTools Network tab Request Headers—look for Proxy-Authorization header. Verify proxy settings in browser/OS. Check if proxy credentials are configured.
  2. 2Step 2: Diagnose - Proxy logs show authentication failures. Review proxy server configuration. Check proxy authentication requirements. Verify credentials are valid.
  3. 3Step 3: Fix - Client-side: Configure proxy credentials in browser/OS. Add Proxy-Authorization header with Basic auth. Update expired proxy credentials. Use proxy authentication libraries.
  4. 4Step 4: Fix - Server-side: Return 407 with Proxy-Authenticate header. Implement proxy authentication logic. Validate Proxy-Authorization credentials. Handle proxy auth sessions.
  5. 5Step 5: Fix - Infrastructure: Configure proxy authentication properly. Update proxy credentials in environment. Review network proxy settings. Ensure proxy auth headers pass through.

</>Code Examples

Fetch API: Handle 407 Proxy Authentication
1// Client-side: Handle 407 by adding Proxy-Authorization header
2// Note: Browser Fetch API doesn't directly support proxy auth
3// This is more relevant for Node.js environments
4
5// Node.js example with proxy authentication
6const https = require('https');
7const { HttpsProxyAgent } = require('https-proxy-agent');
8
9async function fetchWithProxyAuth(url, proxyUrl, username, password) {
10  const proxyAuth = Buffer.from(`${username}:${password}`).toString('base64');
11const agent = new HttpsProxyAgent(proxyUrl);
12
13  const response = await fetch(url, {
14  agent: agent,
15  headers: {
16      'Proxy-Authorization': `Basic ${proxyAuth}`,
17    },
18  });
19  
20  if (response.status === 407) {
21    // Proxy authentication failed
22    const proxyAuthenticate = response.headers.get('Proxy-Authenticate');
23    throw new Error(`Proxy authentication failed. Required: ${proxyAuthenticate}`);
24  }
25  
26  return response.json();
27}
28
29// Browser: Configure proxy in OS/browser settings
30// For programmatic access, use environment variables or proxy configuration files
Express.js: Proxy Authentication (as Proxy Server)
1// Server-side: Act as proxy requiring authentication
2const express = require('express');
3const { createProxyMiddleware } = require('http-proxy-middleware');
4const app = express();
5
6// Proxy authentication middleware
7const requireProxyAuth = (req, res, next) => {
8  const proxyAuth = req.headers['proxy-authorization'];
9  
10  if (!proxyAuth) {
11    return res.status(407)
12      .set('Proxy-Authenticate', 'Basic realm="Proxy"')
13      .json({
14        error: 'Proxy Authentication Required',
15        message: 'Proxy server requires authentication',
16      });
17  }
18  
19  // Validate proxy credentials
20  const authString = proxyAuth.replace('Basic ', '');
21  const credentials = Buffer.from(authString, 'base64').toString('utf-8');
22  const [username, password] = credentials.split(':');
23  
24  // Validate against proxy user database
25  if (!validateProxyCredentials(username, password)) {
26    return res.status(407)
27      .set('Proxy-Authenticate', 'Basic realm="Proxy"')
28      .json({
29        error: 'Proxy Authentication Required',
30        message: 'Invalid proxy credentials',
31      });
32  }
33  
34  req.proxyUser = username;
35  next();
36};
37
38// Proxy middleware with authentication
39app.use('/proxy', requireProxyAuth, createProxyMiddleware({
40  target: 'http://target-server:3000',
41  changeOrigin: true,
42  onProxyReq: (proxyReq, req, res) => {
43    // Forward original request with proxy auth
44    if (req.headers['proxy-authorization']) {
45      proxyReq.setHeader('X-Proxy-User', req.proxyUser);
46    }
47  },
48}));
Nginx: Proxy Authentication
1# Nginx: Configure as authenticated proxy
2server {
3    listen 8080;
4    server_name proxy.example.com;
5    
6    # Require proxy authentication
7    location / {
8        # Check Proxy-Authorization header
9        if ($http_proxy_authorization = "") {
10            return 407 '{"error":"Proxy Authentication Required"}';
11            add_header Proxy-Authenticate 'Basic realm="Proxy"' always;
12        }
13        
14        # Validate credentials (simplified - use auth_basic for real auth)
15        # auth_basic "Proxy Authentication Required";
16        # auth_basic_user_file /etc/nginx/.htpasswd;
17        
18        # Forward to upstream
19        proxy_pass http://backend;
20        proxy_set_header Host $host;
21        proxy_set_header X-Real-IP $remote_addr;
22        proxy_set_header X-Proxy-User $remote_user;
23    }
24}
25
26# Or: Nginx as client using authenticated proxy
27# http {
28#     proxy_http_version 1.1;
29#     proxy_set_header Proxy-Authorization "Basic <base64-encoded-credentials>";
30# }

Related Errors

401408

Provider Information

This error code is specific to HTTP services. For more information, refer to the official HTTP documentation.

407 - Proxy Authentication Required | HTTP Error Reference | Error Code Reference