Crypto
02 Apr 2026
Read 13 min
How to Fix HTTP 407 Proxy Authentication Error Fast *
how to fix HTTP 407 proxy authentication error and resume downloads fast with simple stepwise fixes.
Need to get past a blocked download or site? Here is how to fix HTTP 407 proxy authentication error fast: confirm the 407 comes from your proxy, add the right credentials, match the auth method (Basic, NTLM, or Kerberos), update system and app proxy settings, then test with curl.
A 407 means your request reached a proxy server, but the proxy needs you to sign in. It often happens on office networks, VPNs, hotels, and schools. The fix is simple once you know where your device gets proxy settings and which login the proxy expects. Follow the steps below to restore access in minutes.
Basic (username and password)
NTLM (Windows login)
Negotiate/Kerberos (single sign-on)
If your app, browser, or tool does not send a matching Proxy-Authorization header, the proxy keeps asking, and you keep seeing 407.
Look at the message: it should say “407 Proxy Authentication Required.”
Open Developer Tools (Network tab) or run: curl -I https://example.com
If behind a proxy, you may need to add: curl -I –proxy http://proxy.company.com:8080 https://example.com
Check for “Proxy-Authenticate: Basic” or “Proxy-Authenticate: NTLM/Negotiate” in the response headers. That tells you which login type to use.
Windows: Settings > Network & Internet > Proxy. Note Manual proxy setup or the script URL under “Use setup script.”
macOS: System Settings > Network > [Your network] > Details > Proxies. See if Auto Proxy Discovery or a PAC file is set.
Linux: Check environment variables (echo $HTTP_PROXY, $HTTPS_PROXY) or your desktop proxy settings.
Basic: Use your proxy username and password. Some companies use DOMAINusername.
NTLM/Kerberos: Sign in to your OS account on the domain and use tools that support SSO (for example, curl with –proxy-ntlm or –proxy-negotiate).
If you changed your password, clear saved proxy passwords and sign in again.
Windows: If your company uses a PAC script, make sure the URL is correct. Click “Save.” If apps still fail, run: netsh winhttp import proxy source=ie
macOS: Match your admin’s settings. If a PAC URL is used, copy it exactly. Toggle it off and back on to refresh.
Chrome and Edge use the OS proxy. Firefox can use its own proxy settings. Check Options > Network Settings.
curl
– Basic: curl -I –proxy http://user:pass@host:port https://example.com
– NTLM: curl -I –proxy http://host:port –proxy-ntlm –proxy-user DOMAIN\user:pass https://example.com
– Kerberos: curl -I –proxy http://host:port –proxy-negotiate –proxy-user : https://example.com
Git
– Set proxy: git config –global http.proxy http://user:pass@host:port
– For auth method: git config –global http.proxyAuthMethod basic|ntlm|negotiate
– Unset if you do not need a proxy: git config –global –unset http.proxy
npm/Yarn
– npm config set proxy http://user:pass@host:port
– npm config set https-proxy http://user:pass@host:port
– yarn config set proxy http://user:pass@host:port
pip/Python
– Temporary: pip install –proxy http://user:pass@host:port package
– pip.ini (Windows) or pip.conf (Linux/macOS): add [global] proxy = http://user:pass@host:port
Docker (Linux)
– Create /etc/systemd/system/docker.service.d/proxy.conf
– Add:
[Service]
Environment=”HTTP_PROXY=http://user:pass@host:port” “HTTPS_PROXY=http://user:pass@host:port” “NO_PROXY=localhost,127.0.0.1,.company.com”
– Then run: sudo systemctl daemon-reload && sudo systemctl restart docker
Node/axios, Java, and others
– Node: set process.env.HTTP_PROXY/HTTPS_PROXY or use a proxy agent.
– Java: add -Dhttp.proxyHost=host -Dhttp.proxyPort=port -Dhttp.proxyUser=user -Dhttp.proxyPassword=pass (and https equivalents).
Environment variables: NO_PROXY=localhost,127.0.0.1,.company.com
Windows PAC/Bypass: Add “Bypass proxy server for local addresses.”
macOS: Add domains to “Bypass proxy settings for these Hosts & Domains.”
SSO proxies (NTLM/Kerberos): Make sure you are signed in to your domain account. Your device time must be correct. Large clock drift breaks Kerberos.
Captive portals (hotels, airports): Open http://neverssl.com to trigger the sign-in page. After you accept, 407 often goes away.
Run curl -v to see the full handshake. If you still see 407, check the Proxy-Authenticate header. Use the exact scheme it lists.
If the proxy rotates passwords or tokens, update them. Some secure proxies use short-lived tokens.
If you do not know your proxy host, port, or login.
If the PAC file is wrong or down.
If your account lacks internet rights or is locked.
If your app needs a special allowlist to skip auth.
Clear saved proxy credentials. In Windows Credential Manager, remove entries for your proxy host and re-enter.
In Firefox, set “Use system proxy settings” unless your admin says otherwise.
Re-enter the proxy URL and port. Typos cause 407 loops.
If a PAC file is used, open it in a browser. Make sure it returns a valid FindProxyForURL response.
On Linux shells, export HTTP_PROXY and HTTPS_PROXY before you run the app.
Do not hardcode passwords in code or logs. Use environment variables or a secret store.
Mask Proxy-Authorization in logs. Avoid copying it into tickets or chats.
If your CI runners need the internet, set HTTP(S)_PROXY at the systemd/service level and use NO_PROXY for your internal hosts.
Only one upstream proxy should handle your traffic. Remove extra proxy settings from apps to avoid loops.
Some VPNs force a secure proxy. After connecting to VPN, refresh your proxy settings.
Many networks accept HTTP proxy for HTTPS sites using CONNECT. Use https-proxy settings if your tools separate them.
If the proxy does SSL inspection, your app may also need the proxy’s root certificate installed to avoid TLS errors after fixing 407.
Try DOMAINuser or user@domain.com if Basic login fails and you are on a Windows domain.
For NTLM in curl and Git, escaping backslashes may be needed: DOMAIN\user.
Toggle your proxy setting off and on. Re-enter host, port, and credentials.
Clear saved passwords, then sign in again to the proxy prompt.
Run: curl -I –proxy http://user:pass@host:port https://www.google.com to confirm your login works.
Set NO_PROXY for localhost and your intranet domains.
Sync your system clock and try again (helps NTLM/Kerberos).
Restart apps after changing proxy settings. Some do not reload them live.
What “Proxy Authentication Required” Really Means
A web server uses 401 to ask you to log in. A proxy uses 407. When you see 407, your request did not reach the site yet. It stopped at the proxy. The proxy replies with a Proxy-Authenticate header that tells you what kind of login it needs. Common methods are:How to Fix HTTP 407 Proxy Authentication Error: Quick Checklist
These steps show you how to fix HTTP 407 proxy authentication error on any device. Work top to bottom and test after each change.1) Confirm it is a proxy error
2) Identify the right proxy address and port
3) Enter the correct credentials and auth method
4) Update OS and browser proxy settings
5) Fix command-line tools
Many tools ignore OS settings and need proxy values set directly.6) Set bypasses for local and trusted domains
If the proxy protects the internet only, you should not send local traffic to it.7) Handle SSO, captive portals, and time issues
8) Test again and read the headers
9) When to call your network admin
Common Fixes in Everyday Apps
Browsers
Windows, macOS, Linux
Developers and CI
Special Cases and Gotchas
Multiple proxies or a VPN
HTTPS vs HTTP proxies
Domain and username format
Quick Fixes You Can Try Right Now
Why This Works
A 407 error is not random. It is your network asking you to authenticate. When you add the correct username and password, match the auth method, and make each app use the same settings, the proxy lets your traffic pass. Testing with curl confirms the method and the login before you change many tools. These steps are not only for browsers. They help package managers, Git, Docker, build tools, and custom apps. Once you fix the root cause—wrong proxy address, bad credentials, wrong auth scheme, or missing bypass—every app becomes stable again. In short, you now know how to fix HTTP 407 proxy authentication error with a clean, repeatable process: identify the proxy, match its auth, set credentials in the OS and each tool, add bypasses, and verify with curl. Do that, and your downloads and websites will work as expected.For more news: Click Here
FAQ
Q: What does a 407 Proxy Authentication Required error mean?
A: A 407 means your request reached a proxy server but the proxy requires you to authenticate, so the request stopped at the proxy rather than reaching the site. To learn how to fix HTTP 407 proxy authentication error fast, confirm the 407 comes from your proxy, add the right credentials, match the auth method, update proxy settings, and test with curl.
Q: How can I confirm the 407 error is coming from a proxy?
A: Check that the message says “407 Proxy Authentication Required” and use Developer Tools Network tab or run curl -I to inspect the response. If behind a proxy, include the proxy in curl and look for a Proxy-Authenticate header such as “Basic”, “NTLM”, or “Negotiate” to know the required login method.
Q: Where do I find my proxy address and port on Windows, macOS, and Linux?
A: On Windows check Settings > Network & Internet > Proxy for Manual proxy setup or the PAC/script URL. On macOS open System Settings > Network > [Your network] > Details > Proxies to see PAC or auto-discovery, and on Linux check environment variables like $HTTP_PROXY and $HTTPS_PROXY or your desktop proxy settings.
Q: What authentication methods should I try to fix a 407 error?
A: A proxy’s Proxy-Authenticate header tells you the required method, commonly Basic (username and password), NTLM, or Negotiate/Kerberos. For NTLM or Kerberos you normally must be signed in to your domain account and use tools that support SSO, while Basic can accept DOMAIN\username or user@domain formats if needed.
Q: How do I update OS and browser proxy settings to resolve 407 errors?
A: Update your OS proxy settings to match your network admin’s values — on Windows verify the PAC script URL or manual proxy and run netsh winhttp import proxy source=ie if apps still fail. On macOS copy or toggle the PAC setting, and remember Chrome and Edge use the OS proxy while Firefox can use its own proxy settings in Options > Network Settings.
Q: How do I configure command-line tools like curl, Git, and pip to authenticate with a proxy?
A: Many command-line tools ignore OS proxy settings and must be given proxy details directly. For example, curl can use –proxy with credentials and flags like –proxy-ntlm or –proxy-negotiate, Git uses git config –global http.proxy http://user:pass@host:port, and pip accepts –proxy http://user:pass@host:port for installations.
Q: What should I do if the proxy uses SSO, a captive portal, or has time issues?
A: If the proxy uses SSO (NTLM/Kerberos), sign into your domain account and ensure your system clock is accurate since large clock drift breaks Kerberos. For captive portals (hotels/airports), open http://neverssl.com to trigger the sign-in page, then retry after you accept.
Q: When should I contact my network administrator about a 407 error?
A: Contact your network administrator if you cannot determine the proxy host, port, or required login, if the PAC file is incorrect or unavailable, or if your account lacks internet rights or is locked. Also seek help if an app needs a special allowlist to bypass proxy authentication.
* The information provided on this website is based solely on my personal experience, research and technical knowledge. This content should not be construed as investment advice or a recommendation. Any investment decision must be made on the basis of your own independent judgement.
Contents
