The .NET Data Provider provides limited support for web proxy servers. The proxy server must accept connections using the HTTP protocol and support HTTP tunneling via the HTTP CONNECT method. Secure web proxy servers that accept connections using the HTTPS protocol and any other proxies are not supported.

The web proxy server may be configured via the following, in priority order from highest to lowest:

1. Connection string parameters
2. Environment variables, and
3. Operating System (OS) proxy settings, with the following caveats:
   • .NET Framework (Windows): non-authenticating proxy settings can be set via the App.config file for each app. If there's no App.config file, the current user's system proxy settings (from Control Panel / Windows Registry) are used.
   • Linux: does not have OS proxy settings; proxy settings may be set using environment variables.
   • macOS: while the system settings allow the user to save proxy credentials, those credentials are not yet supported by .NET. Credentials may be specified in the proxy environment variables​.

The syntax and examples may be provided in the remarks section of each connection string parameter description:

Connection String Parameter	Environment Variable Name	Purpose
HttpProxy	HTTP_PROXY	Used on HTTP requests. HttpProxyUser and HttpProxyPassword can be used for proxy authentication.
HttpsProxy	HTTPS_PROXY	Used on HTTPS requests. HttpsProxyUser and HttpsProxyPassword can be used for proxy authentication.
AllProxy	ALL_PROXY	Used on HTTP and/or HTTPS requests when HttpProxy and/or HttpsProxy are not provided. AllProxyUser and AllProxyPassword can be used for proxy authentication.
ProxyBypassHosts	NO_PROXY	A comma-separated list of hostnames that should be excluded from proxying.

The following rules apply to environment variables:

• On systems where environment variables are case-sensitive, the variable names may be all lowercase or all uppercase. The lowercase names are checked first.
• The proxy server may be a hostname or IP address, optionally followed by a colon and port number, or it may be a http URL, optionally including a username and password for proxy authentication. IPv6 addresses must be enclosed in square brackets.
• Example: ALL_PROXY=http://user:password@proxy.server:80

The following rules apply to environment variables and connection string properties:

• If the proxy URL specifies a scheme, it may only be "http://". Secure web proxies are not supported.
• The URL cannot include any text after the hostname, IP address, or port.
• If the port is not specified, port 80 will be used by default.

The following table shows whether various connections established by the .NET Data Provider may be tunneled through a web proxy:

Connection Destination and Protocol	Connection String Parameters (and Environment Variables)	OS Proxy Setting (see note 1)
HTTPS connections to Advanced SQL Engine (see Security Features)	Yes: HttpsProxy (HTTPS_PROXY), AllProxy (ALL_PROXY)	Yes
Non-HTTPS connections to Advanced SQL Engine	No	No
HTTPS connections to Identity Provider endpoints (see OpenID Connect)	Yes: HttpsProxy (HTTPS_PROXY), AllProxy (ALL_PROXY)	Yes
HTTP connections to Identity Provider endpoints	Yes: HttpProxy (HTTP_PROXY), AllProxy (ALL_PROXY)	Yes
HTTP connections to CRL and OCSP servers for Certificate Revocation Checking	No	Yes (see note 2)

1. If the OS proxy requires authentication in environments where the OS proxy credentials cannot be stored by the Operating System, the username and password may be supplied via connection string properties AllProxyUser and AllProxyPassword.

2. Certificate revocation checks may only utilize a web proxy specified via OS proxy settings. In environments where the OS proxy credentials cannot be stored by the Operating System, the OS proxy must not require authentication if SslMode=VerifyFull and SslCRC=Require.