How to use an HTTP proxy with wget

Routing wget downloads through an HTTP proxy centralizes outbound HTTP and HTTPS traffic and hides individual client addresses from the public internet. In controlled networks, this improves egress policy enforcement, content filtering, and logging by sending every transfer through a single managed gateway. Consistent proxy usage also avoids connectivity problems where direct internet access is restricted or completely blocked.

On Linux, wget discovers proxy settings from environment variables such as http_proxy and https_proxy or from directives in the per-user configuration file ~/.wgetrc. When a proxy is configured, wget opens a TCP connection to the proxy instead of the target host and sends HTTP requests that describe which URL the proxy should retrieve. The proxy performs the remote fetch and streams the response back so wget can handle it as a normal download.

Because the proxy sits between client and server, it can inspect, cache, or rewrite plain HTTP content and may terminate and re-encrypt HTTPS sessions for inspection using custom certificate authorities. Storing proxy credentials in readable configuration files increases exposure, especially on multi-user systems and in backups. Configuration should therefore balance convenience with privacy by limiting file permissions, avoiding hard-coded passwords when possible, and validating downloaded files with checksums or signatures.

Steps to use an HTTP proxy with wget:

Obtain the HTTP proxy host name, TCP port, and any authentication credentials from the network administrator.
Set the http_proxy and https_proxy environment variables in the current shell to send wget traffic through the HTTP proxy.
```
$ export http_proxy=http://proxy.example.net:3128
$ export https_proxy=http://proxy.example.net:3128
```
Use uppercase HTTP_PROXY and HTTPS_PROXY for legacy tools and run unset http_proxy https_proxy to restore direct connectivity.

Fetch a simple page with wget to confirm that the proxy is reachable and forwarding requests.

$ wget --quiet --output-document=- https://www.example.com/
<html><body><h1>Example</h1><p>Welcome to example.</p><ul><li><a href="/docs/">Docs</a></li><li><a href="/data/">Data</a></li><li><a href="/repo/">Repo</a></li><li><a href="/internal/">Internal</a></li></ul><p>Resources for testing.</p><p>Offline mirror now!!</p></body></html>

Receiving HTML from the test site indicates that the proxy connection succeeded.

Enable persistent proxy usage for wget by adding proxy directives to ~/.wgetrc.
```
use_proxy = on
http_proxy = http://proxy.example.net:3128/
https_proxy = http://proxy.example.net:3128/
```
The ~/.wgetrc file affects only the current user; system-wide defaults are stored in /etc/wgetrc.
Add proxy_user and proxy_password entries in ~/.wgetrc when the proxy requires authentication.
```
proxy_user = alice
proxy_password = S3cur3!
```
Plain-text credentials in ~/.wgetrc are readable by any process running as the same user and can leak through backups, so consider using a locked-down .netrc file or interactive authentication for sensitive accounts.

Bypass the configured proxy for a specific download by using the --no-proxy option with wget when direct access is required.

$ wget --no-proxy https://www.example.com/internal/file.tar.gz
--2026-01-10 06:14:37--  https://www.example.com/internal/file.tar.gz
Resolving www.example.com (www.example.com)... 2001:db8:0:1::50, 203.0.113.50
Connecting to www.example.com (www.example.com)|2001:db8:0:1::50|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16 [application/gzip]
Saving to: 'file.tar.gz'

     0K                                                       100% 1.04M=0s

2026-01-10 06:14:37 (1.04 MB/s) - 'file.tar.gz' saved [16/16]

Use proxy bypass only for trusted internal hosts; routing external traffic around the proxy can violate network policy.

Run wget in a new shell without proxy environment variables to verify that the ~/.wgetrc configuration alone is sufficient.

$ env | grep -i proxy
$ wget --quiet --output-document=- https://www.example.com/
<html><body><h1>Example</h1><p>Welcome to example.</p><ul><li><a href="/docs/">Docs</a></li><li><a href="/data/">Data</a></li><li><a href="/repo/">Repo</a></li><li><a href="/internal/">Internal</a></li></ul><p>Resources for testing.</p><p>Offline mirror now!!</p></body></html>

Empty env | grep -i proxy output combined with a successful download shows that the proxy settings in ~/.wgetrc are active.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.