---
title: Configuring forward proxy server settings
description: You can configure PingFederate to send web traffic, such as HTTP and HTTPS, so that it initiates through a forward proxy server.
component: pingfederate
version: 13.1
page_id: pingfederate:administrators_reference_guide:pf_configure_forward_proxy_server_settings
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/pf_configure_forward_proxy_server_settings.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: May 23, 2023
section_ids:
  steps: Steps
---

# Configuring forward proxy server settings

You can configure PingFederate to send web traffic, such as HTTP and HTTPS, so that it initiates through a forward proxy server.

## Steps

1. Edit the `<pf_install>/pingfederate/bin/run.properties` file.

2. Locate for the following properties:

   ```
   #http.proxyHost=<HTTP_PROXY_HOST>
   #http.proxyPort=<HTTP_PROXY_PORT>
   #http.proxyUser=<HTTP_PROXY_USER>
   #http.proxyPassword=<HTTP_PROXY_PASSWORD>
   #https.proxyHost=<HTTPS_PROXY_HOST>
   #https.proxyPort=<HTTPS_PROXY_PORT>
   #https.proxyUser=<HTTPS_PROXY_USER>
   #https.proxyPassword=<HTTPS_PROXY_PASSWORD>
   #http.nonProxyHosts=*.internal.com|localhost
   ```

3. (Optional) Configure forward proxy server settings for HTTP traffic:

   1. Remove the number sign (`#`) in front of `http.proxyHost` and `http.proxyPort`.

   2. Enter the host name or the IP address of the forward proxy server.

   3. To specify a username and password that are required to connect to the forward proxy server, uncomment `http.proxyUser` and `http.proxyPassword`.

   4. Enter the username and password credentials.

4. (Optional) Configure forward proxy server settings for HTTPS traffic:

   1. Remove the number sign in front of `https.proxyHost` and `https.proxyPort`.

   2. Enter the host name or the IP address of the forward proxy server.

   3. To specify a username and password that are required to connect to the forward proxy server, uncomment `https.proxyUser` and `https.proxyPassword`.

   4. Enter the username and password credentials.

      |   |                                                                                                                                                                                   |
      | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
      |   | The `http.proxyUser` and `https.proxyUser` settings both support obfuscation and secret manager references. For more information, see [Secret managers](pf_secret_managers.html). |

      |   |                                                                                                                                                                                                                                                                                                                                                             |
      | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
      |   | You can obfuscate the password used to access the forward proxy server by running the obfuscate utility, located in the `<pf_install>/pingfederate/bin` directory:- `obfuscate.bat` for Windows

      - `obfuscate.sh` for LinuxUse the actual password as an argument and copy the entire result into the value for the password parameter in `run.properties`. |

5. (Optional) Configure an exclusion list:

   1. Remove the number sign in front of `http.nonProxyHosts`.

   2. Specify one or more destinations where PingFederate is not required to proxy its HTTP and HTTPS traffic through the forward proxy server.

   This property supports multiple values separated by the pipe character (`\|`) and the wildcard character (`#`) for pattern matching.\
   `*.example.com\|localhost`

6. (Optional) If you want to enable basic authentication for an HTTP or HTTPS target site, you can remove `Basic` from `jdk.http.auth.proxying.disabledSchemes=Basic`or`jdk.http.auth.tunneling.disabledSchemes=Basic`, respectively.

   |   |                                                                                                                                                                                       |
   | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | You should only use digest authentication with proxy servers. Basic authentication is not recommended because the proxy credentials are transmitted to the server without encryption. |

7. Save your changes.

8. Restart PingFederate.

For a clustered PingFederate environment, repeat these steps on each node.