Does 407 error code really count as an error by the attack detection mode, on ProxySG?

The HTTP status code 407 is not typically considered an error by attack detection modes on ProxySG. Instead, it is a standard HTTP response status code that indicates the client must first authenticate itself with the proxy server before accessing the requested resource.

When a client (e.g., a web browser) sends a request to the proxy server, and the proxy server requires authentication, it responds with a 407 status code along with a Proxy-Authenticate header. This header provides information about the authentication methods supported by the proxy, and the client can use this information to send the appropriate credentials for authentication.

In the context of attack detection modes, the ProxySG is more concerned with identifying and mitigating various types of malicious activities and attacks, such as DDoS attacks, web application attacks, and other security threats. The attack detection mode may involve inspecting HTTP requests and responses, analyzing traffic patterns, and applying security policies to block or mitigate potential attacks.

The 407 status code itself is not a malicious status code, and it is not directly related to an attack on the proxy server or web application. It is simply a part of the standard HTTP authentication process.

If you are experiencing issues related to HTTP 407 responses and attack detection on your ProxySG, it is more likely related to how the proxy handles authentication or how the client is responding to the authentication challenge. It's essential to review the configuration and logs to ensure that the authentication process is set up correctly and that legitimate clients can authenticate successfully when required. If you suspect malicious activities, focus on the logs and policies related to attack detection rather than the 407 status code itself.