WinHTTP Authentication

The WinHTTP authentication protocol verifies and validates the client request for server connection. When a connection request to a server fails, and you are redirected to another server URL, the WinHTTP authentication protocol returns an error code 407. The WinHTTP 407 error code indicates that you have to provide your authentication credentials to connect with the redirected server URL.

The Qualys Cloud Agent supports the WinHTTP 407 status code, mandating users to provide authentication credentials when they are redirected to another proxy URL.

The Qualys Cloud Agent for Windows version 5.6 or above supports WinHTTP authentication with the status code 407.

Configuring Proxy Setting

Qualys allows you to configure proxy settings using the WinHttpSetOption() and WinHttpSetCredentials APIs. While WinHttpSetCredentials API allows you to set the authentication scheme parameter for proxy settings, WinHttpSetOption() API does not allow it. When you use the WinHttpSetCredentials API, you have to provide both the authentication credentials and authentication scheme to configure proxy settings.

Use cases for WinHTTP Authentication

WinHTTP Authentication returns 407 status code continuously

When a client request is redirected to another URL, WinHTTP Authentication returns 407 status code for verification. When you receive the 407 status code three times continuously, Cloud Agent attempts to connect to the next configured proxy URL or attempts a direct connection with a proxy server.

Cloud Agent switches to a failover proxy

When a Cloud Agent switches to a failover proxy URL, the last returned status code is set to zero to re-initiate the status code count.

Both the authentication scheme and authentication credentials fail

In case when both the authentication scheme (WinHttpQueryAuthSchemes API) and authentication credential (WinHttpSetCredentials API) fail, Cloud Agent attempts to connect to the next configured or attempts a direct connection with a proxy server.