Jump to:navigation, search

The status 407 describes that the proxy requires authentication.


Exceptions for applications that cannot authenticate themselves.

Last adaptation to the version: 11.7


  • Article adaptation
  • Translation
  • Corrected error in Regex format

Previous versions: -


This guide explains in which case authentication exceptions are used and how they can be stored in the proxy.

What are authentication exceptions used for?

Authentication exceptions are often required in connection with virus scanners or other programs that do not support NTLM authentication. In order for these programs to be able to communicate with the Internet despite this, it must be defined in the proxy that the requested URL can be called without previous authentication.


LOG entry

A computer in the internal network cannot load Windows updates.
The entry status="407", appears in the log under the heading Only display application and kernel messages

Exception for subdomains

Authentication exceptions

To exclude a website from the authentication exceptions, the URL must be entered as a regex in the list.
The default entries .*\.ikarus\.at and .*\.mailsecurity\.at are required for our solution Securepoint Antivirus Pro.

Regex Exception from the authentication for
.*download\.windowsupdate\.com all subdomains of windowsupdate.com ending in download
all subdomains of download.windowsupdate.com
updateserver\.anyideas\.de One dedicated address
.*\.update\.microsoft\.com all subdomains of a website
fe[0-9]\.update\.microsoft\.com fe0.update.microsoft.com

Further notes on regex notation can be found in this Wiki article.

Examples of exceptions for Windows update servers

Further examples for setting up authentication exceptions, virus scanners, web filters and SSL interception regarding Windows Updates can be found in the Knowledge Base article Windows Updates with HTTP-Proxy and Web Filter