
Proxy-Authorization

Description

The Proxy-Authorization request header is used to provide authentication credentials to a proxy server. When a client sends a request through a proxy that requires authentication, the client includes this header to supply the necessary credentials.

This header functions similarly to the Authorization header but is specifically for authenticating with a proxy rather than an origin server. It supports various authentication schemes such as Basic and Digest authentication, depending on the proxy server's requirements.

If authentication fails or is required but missing, the proxy responds with a 407 Proxy Authentication Required status, prompting the client to resend the request with valid credentials.

Syntax

The Proxy-Authorization header follows this syntax:

Proxy-Authorization: <auth-scheme> <credentials>

Where:

  • <auth-scheme> specifies the authentication method (e.g., Basic, Digest, Bearer).
  • <credentials> is the encoded authentication information.

Example with Basic authentication:

Proxy-Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

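Here, dXNlcm5hbWU6cGFzc3dvcmQ= is the Base64-encoded string of username:password. Base64 is an encoding, not encryption, so anyone who can read the header can recover the credentials.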

Examples

Authenticating with a Proxy using Basic Authentication

A client requests a resource through an authenticating proxy.

Client Request:

GET http://example.com/resource HTTP/1.1
Host: example.com
Proxy-Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

Proxy Response (If Authentication is Successful):

HTTP/1.1 200 OK
Content-Type: text/html

<html>...</html>

Proxy Response (If Authentication Fails or is Missing):

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="Proxy Server"

Using Digest Authentication

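Some proxies require a more secure authentication method like Digest authentication, in which the client sends a hash computed from the credentials and a proxy-supplied nonce rather than the password itself.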

Client Request:

GET http://example.com/resource HTTP/1.1
Host: example.com
Proxy-Authorization: Digest username="user", realm="proxy", nonce="xyz", uri="/resource", response="abc123"

Proxy Response:

HTTP/1.1 200 OK
Content-Type: text/html

<html>...</html>
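
Proxy-side handling of the exchanges above, as an added example that is not part of the original page: it parses the `<auth-scheme> <credentials>` value, decodes Basic and Digest parameters, and answers 200 or 407 as in the Basic example. The `USERS` store, `CHALLENGE` constant and both function names are assumptions made for illustration.

```python
import base64
import binascii
import hmac
import re

# Constructed credential store (assumption for this example); a real proxy
# would verify against salted password hashes, not plaintext.
USERS = {"username": "password"}
CHALLENGE = {"Proxy-Authenticate": 'Basic realm="Proxy Server"'}

def parse_proxy_authorization(value):
    """Split '<auth-scheme> <credentials>' and decode the scheme's payload."""
    scheme, _, credentials = value.strip().partition(" ")
    scheme, credentials = scheme.lower(), credentials.strip()
    if not scheme or not credentials:
        raise ValueError("malformed Proxy-Authorization value")
    if scheme == "basic":
        try:
            decoded = base64.b64decode(credentials, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError) as exc:
            raise ValueError("invalid Basic credentials") from exc
        # Only the first colon separates user from password.
        user, sep, password = decoded.partition(":")
        if not sep:
            raise ValueError("Basic credentials lack the ':' separator")
        return scheme, {"username": user, "password": password}
    if scheme == "digest":
        # Comma-separated key="quoted" or key=token parameters.
        pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', credentials)
        return scheme, {k.lower(): q or t for k, q, t in pairs}
    return scheme, {"token": credentials}  # e.g. Bearer

def proxy_decision(headers):
    """Return (status, headers) like the proxy in the Basic example above."""
    value = headers.get("Proxy-Authorization")
    if value is None:
        return 407, dict(CHALLENGE)
    try:
        scheme, params = parse_proxy_authorization(value)
    except ValueError:
        return 407, dict(CHALLENGE)
    if scheme != "basic" or params["username"] not in USERS:
        return 407, dict(CHALLENGE)
    # Constant-time comparison avoids leaking how much of the password matched.
    expected = USERS[params["username"]].encode()
    if hmac.compare_digest(params["password"].encode(), expected):
        return 200, {}
    return 407, dict(CHALLENGE)
```

Missing, malformed and wrong credentials all produce the same 407 challenge, so the response does not reveal which check failed.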

Summary

The Proxy-Authorization request header is crucial for authenticating with proxy servers, ensuring that only authorized users can send requests through a proxy. It works similarly to the Authorization header but specifically for proxies. The header supports different authentication schemes like Basic and Digest, with security considerations favoring more secure methods such as Digest or Bearer tokens over Basic authentication. Proper handling of credentials is essential to prevent security vulnerabilities.