Skip to content
Latchkey

CI Proxy Errors - "Received HTTP code 403/407 from proxy"

A request that goes through an HTTP proxy failed at the proxy itself. A 407 means the proxy demands authentication; a 403 means it refused the request; a timeout means the proxy was unreachable or slow.

What this error means

Network steps fail with Received HTTP code 407 from proxy after CONNECT, 403 Forbidden from the proxy, or proxy connect timeouts. The remote host is fine - the proxy in the middle rejected or dropped the request.

CI log
curl: (56) Received HTTP code 407 from proxy after CONNECT
# or
Unable to connect to proxy: Connection timed out

Common causes

Missing or wrong proxy authentication

A 407 means the proxy requires credentials. If HTTPS_PROXY lacks the user:pass@ part, or the credentials are wrong, every CONNECT is rejected.

Proxy variables misconfigured or unreachable

A wrong proxy host/port, a missing NO_PROXY exclusion for internal hosts, or a transiently unreachable proxy causes 403s and connect timeouts.

How to fix it

Inspect the proxy environment

See exactly what proxy settings the tools are using.

Terminal
env | grep -i -E 'proxy'
# expected shape:
# HTTPS_PROXY=http://user:pass@proxy.internal:8080
# NO_PROXY=localhost,127.0.0.1,.internal

Fix auth and exclusions

  1. Include credentials in the proxy URL or supply them where the tool expects.
  2. Add internal/registry hosts to NO_PROXY so they bypass the proxy.
  3. Confirm the proxy host/port is reachable; retry if it was a transient blip.

How to prevent it

  • Set proxy and NO_PROXY variables consistently for all tools.
  • Store proxy credentials as secrets, not inline in logs.
  • Bypass the proxy for internal mirrors and registries.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →