diff --git a/ChangeLog b/ChangeLog
index ca7864fc..bd5faa9b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -43,6 +43,8 @@ releases.
     - optimized failregex to match all of "Failed any-method for ... from <HOST>" (gh-1479)
     - eliminated possible complex injections (on user-name resp. auth-info, see gh-1479)
     - optional port part after host (see gh-1533, gh-1581)
+* `filter.d/squid.conf`
+    - Recognize 407 Proxy Authentication Required as failures (gh-1615)
 
 
 ### New Features
diff --git a/config/filter.d/squid.conf b/config/filter.d/squid.conf
index e26cab9c..aa51207b 100644
--- a/config/filter.d/squid.conf
+++ b/config/filter.d/squid.conf
@@ -1,10 +1,10 @@
-# Fail2Ban filter for Squid attempted proxy bypasses
+# Fail2Ban filter for Squid attempted proxy bypasses and bruteforcing
 #
 #
 
 [Definition]
 
-failregex = ^\s+\d\s<HOST>\s+[A-Z_]+_DENIED/403 .*$
+failregex = ^\s+\d\s<HOST>\s+[A-Z_]+_DENIED/40[37] .*$
             ^\s+\d\s<HOST>\s+NONE/405 .*$
 
 ignoreregex =
diff --git a/fail2ban/tests/files/logs/squid b/fail2ban/tests/files/logs/squid
index 300a8ac5..62ca326c 100644
--- a/fail2ban/tests/files/logs/squid
+++ b/fail2ban/tests/files/logs/squid
@@ -11,3 +11,6 @@
 
 # failJSON: { "time": "2013-12-09T00:09:06.000", "match": true , "host": "175.42.91.151" }
 1386544146.000      1 175.42.91.151 TCP_DENIED/403 3745 GET http://pkfsp.ru/wp-content/uploads/proxyc/engine.php - HIER_NONE/- text/html
+
+# failJSON: { "time": "2016-11-21T01:12:54.000", "match": true, "host": "98.189.78.228" }
+1479687174.000      1 98.189.78.228 TCP_DENIED/407 4259 CONNECT www.google.com:443 tgu1 HIER_NONE/- text/html