← Back to Chapters

407 Proxy Authentication Required

? 407 Proxy Authentication Required

? Quick Overview

HTTP status code 407 Proxy Authentication Required indicates that a client request was blocked because the proxy server requires authentication credentials before forwarding the request to the target server.

? Key Concepts

  • Occurs between client and proxy, not the origin server
  • Proxy sends a Proxy-Authenticate header
  • Client must resend request with Proxy-Authorization
  • Common in corporate or restricted networks

? Syntax / Theory

When a proxy intercepts a request, it may demand credentials. Until valid authentication is provided, all forwarded requests will fail with status code 407.

? Code Example(s)

? View Code Example 
// Example of a raw HTTP response from a proxy
HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="Corporate Proxy"
Content-Length: 0
? View Code Example 
// cURL request with proxy authentication
curl -x http://proxy.example.com:8080 -U username:password https://example.com

? Live Output / Explanation

What Happens?

If credentials are missing or invalid, the proxy blocks the request and returns 407. Once valid credentials are supplied, the proxy forwards the request and normal responses resume.

? Interactive Example

Simulated Corporate Proxy

Try connecting without credentials, then try with admin / 1234

 
? View Logic Code 
// Simulated proxy check using JavaScript
function proxyRequest(authProvided) {
  if (!authProvided) {
    return "407 Proxy Authentication Required";
  }
  return "200 OK - Request Forwarded";
}

console.log(proxyRequest(false));
console.log(proxyRequest(true));

? Use Cases

  • Enterprise networks with restricted internet access
  • Monitoring and filtering outbound traffic
  • Logging and auditing user activity
  • Bandwidth and access control enforcement

? Tips & Best Practices

  • Never hardcode proxy credentials in source code
  • Use environment variables for authentication data
  • Prefer secure authentication mechanisms
  • Handle 407 responses gracefully in applications

? Try It Yourself

  • Configure a local proxy and test authenticated vs unauthenticated requests
  • Use browser dev tools to inspect proxy headers
  • Simulate 407 responses in backend APIs