Bypass proxy for all web requests in Powershell Core

I have a work computer running on Windows in a corporate environment with an authenticating proxy server for outgoing connections to the internet. I don't know how it's configured, but many tools fail to connect, mainly that type like npm (packages in the Atom editor), NuGet, PowerShellGet, etc. I even had to configure my browser (Vivaldi) to use the direct connection, because I couldn't, for example, sign in on some websites, even though it was working in MS Edge.

The HTTP error is usually (407) Proxy Authentication Required.

The system-wide proxy server in Windows is being configured by some periodically executed script and I cannot do anything about it.

The solution, or rather a workaround, is to individually configure all applications that have issues with connections to bypass the proxy (use the direct connection to the internet). I have managed to do that for almost everything I needed, but I didn't succeed with Powershell Core so far.

BTW I'm not sure what's the point of that proxy when you can simply bypass it, it's just making regular work harder on that computer and it's wasting my time and company's money.

So far, I have found out the following.

PowerShellGet's Find-Module fails with the error:

Unable to resolve package source '

A simple web request fails with the error "Cache Access Denied":

Invoke-WebRequest 

But succeeds when it's forced to bypass the proxy:

Invoke-WebRequest -NoProxy

netsh winhttp show proxy says "Direct access (no proxy server).", but the following command returns an actual proxy:

([System.Net.WebRequest]::GetSystemWebproxy()).GetProxy("")

Also, the following command returns false:

([System.Net.WebRequest]::GetSystemWebproxy()).IsBypassed("")

I have done quite extensive research and found out that it should be possible to configure WebRequest to use the direct connection by setting the default proxy to null, but it didn't help:

[System.Net.WebRequest]::DefaultWebProxy = $null

I would appreciate if anyone has any other idea.

Update

I have found out that I can actually use my domain account to authenticate on the proxy server:

Invoke-WebRequest -ProxyUseDefaultCredentials -Proxy 

So that would be an alternative to the proxy bypass configuration. I just don't know how to set credentials for all requests made by Powershell. I don't understand why the Windows system proxy is not configured to use my account to authenticate.

I have tried to configure WebRequest::DefaultWebProxy to use the proxy server and authenticate on it using my domain account credentials, but it didn't work:

[System.Net.WebRequest]::DefaultWebProxy = New-Object System.Net.WebProxy(')
[System.Net.WebRequest]::DefaultWebProxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
3

3 Answers

Finally, after several hours of researching and messing around, I was able to solve my issue thanks to this GitHub issue comment!

I don't know the background, but it looks like Powershell Core is actually using System.Net.Http.HttpClient rather than System.Net.WebRequest for making web requests.

When I have learned that, it was quite easy to configure HttpClient's default proxy.

1. Manually Configure HttpClient.DefaultProxy

Proxy Bypassing

To bypass the proxy (use the direct connection), set it to null:

[System.Net.Http.HttpClient]::DefaultProxy = New-Object System.Net.WebProxy($null)

I have added it to my Powershell profile and all connections made by Powershell started to work.

Configure Specific Proxy Server

To configure an actuall proxy server instead, use the following command:

[System.Net.Http.HttpClient]::DefaultProxy = New-Object System.Net.WebProxy(' $true)

Configure Proxy Authentication

In case it's an authenticating proxy, you have to configure credentials to be used for the proxy authentication. The following command will use the credentials of your domain account under which you're currently logged in to Windows:

[System.Net.Http.HttpClient]::DefaultProxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials

2. Configure Default Proxy using Environment Variable

An alternative solution is to use an environment variable. According to the documentation, HttpClient is actually using the following variables to initialize the default proxy, if they're defined:

  • HTTP_PROXY for HTTP requests
  • HTTPS_PROXY for HTTPS requests
  • ALL_PROXY for both HTTP and HTTPS
  • NO_PROXY may contain a comma-separated list of hostnames excluded from proxying

An example usage:

ALL_PROXY='

And if you need to pass credentials:

ALL_PROXY='

This solution is supported by a wider range of applications, so if it's better or worse than the previous solution depends on what exactly you want to configure, just Powershell or also other applications.

1

As for this…it should be possible to configure WebRequest to use the direct connection by setting the default proxy to null…, as you've found, not in your corporate infrastructure.

What you have is a GPO, that is forced onto your workstation, that forces all internet egress network traffic thru a filtering/proxied gateway.

See this How to Force Proxy Settings Via Group Policy - TechNet Articles - United States (English) - TechNet Wiki (microsoft.com) for details.

Your employer is controlling and monitoring potentially all ingress/egress network traffic from all domain-joined systems.

Risk Management/Security policy will rule. Any modern filtering gateway has specific controls that your organization/enterprise uses for their defined risk control reasons.

So, this is not a PowerShell feature or code issue; it’s a network restriction. So, no getting around it. Regardless of what tool you are using. You must provide identity/credentials to be allowed outbound.

You can look at your browser settings to see the proxy informant or they could be using PAC files as well.

See this: What is a PAC file? (websense.com) for details.

The reason you do not get this prompt doing normal browsing is that your cased credentials/network token is used. If you try and go around that, you get prompted, per corporate policy.

Trying to circumvent your employer's risk management/security policies will generate RPE/CLM (resume producing event / career-limiting move) for you, and potentially legal action, depending on what you were doing.

7

Based on David Ferenczy Rogožan's excellent answer and research, I was able to get it working, but in my case I had to do (note the slight difference from above):

[System.Net.HttpWebRequest]::DefaultWebProxy = New-Object System.Net.WebProxy($null)

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like