| The Proxy-Authorization header field allows the client to identify
itself (or its user) to a proxy that requires authentication. A
Proxy-Authorization field value consists of credentials containing
the authentication information of the user agent for the proxy and/or
realm of the resource being requested.
This header field, along with Authorization, breaks the general rules
about multiple header field names. Although not a comma-separated
list, this header field name may be present multiple times, and MUST
NOT be combined into a single header line.
An UAC sends a request to a proxy server containing a Proxy-Authorization
header field, so that the proxy can authenticate the UAC before processing
the request. A proxy can challenge for credentials by rejecting a request
with a 407 (Proxy Authentication Required) status code upon which a UAC may
provide credentials for the requested resource in the Proxy-Authorization
header.
A Proxy-Authorization header field value applies only to the proxy
whose realm is identified in the "realm" parameter. When multiple proxies
are used in a chain, a Proxy-Authorization header field value MUST NOT be
consumed by any proxy whose realm does not match the "realm" parameter
specified in that value. Note that if an authentication scheme that does not
support realms is used in the Proxy-Authorization header field, a proxy
server MUST attempt to parse all Proxy-Authorization header field values to
determine whether one of them has what the proxy server considers to be
valid credentials.
Example:
Proxy-Authorization: Digest username="Alice", realm="atlanta.com",
nonce="c60f3082ee1212b402a21831ae", response="245f23415f11432b3434341c022"
See Also: Parameters
See Also: ProxyAuthenticateHeader
author:
BEA Systems, NIST
version:
1.2 |