HTTP CONNECT Method

The HTTP CONNECT method is used to create an HTTP tunnel through a proxy server. By sending an HTTP CONNECT request, the client asks the proxy server to forward the TCP connection to the desired destination.

The proxy server establishes a connection with the desired server on behalf of the client, and after the connection is established, the proxy server continues to proxy the TCP stream to and from the client.

Client Request to Proxy Server
CONNECT reqbin.com:443 HTTP/1.1
Host: reqbin.com:443

The proxy server establishes the requested connection and responds to the client with 200 Connection Established code.

Proxy Server Response to Client
HTTP/1.1 200 Connection Established
...

Some proxies may require authentication by sending a 407 Proxy Authentication Required response. In this case, the client must provide the authentication details in the Proxy-Authorization header.

Client Request to Proxy Server
CONNECT reqbin.com:443 HTTP/1.1
Host: reqbin.com:443
Proxy-Authorization: Basic bG9naW46cGFzc3dvcmQ=

In case the proxy server encounters an error like DNS resolve failure or connect timeout, it returns the error code to the client.

Proxy error codes:
  • 502: Bad Gateway
  • 504: Gateway timeout

Some proxy servers may return a 302 redirection to the client to reveal the exact failure reason.
http-headers connect-request proxy tunnel