diff --git a/http/httpproxy/proxy.go b/http/httpproxy/proxy.go
index 163645b86..1415b0779 100644
--- a/http/httpproxy/proxy.go
+++ b/http/httpproxy/proxy.go
@@ -27,8 +27,7 @@ import (
 type Config struct {
 	// HTTPProxy represents the value of the HTTP_PROXY or
 	// http_proxy environment variable. It will be used as the proxy
-	// URL for HTTP requests and HTTPS requests unless overridden by
-	// HTTPSProxy or NoProxy.
+	// URL for HTTP requests unless overridden by NoProxy.
 	HTTPProxy string
 
 	// HTTPSProxy represents the HTTPS_PROXY or https_proxy
@@ -129,8 +128,7 @@ func (cfg *config) proxyForURL(reqURL *url.URL) (*url.URL, error) {
 	var proxy *url.URL
 	if reqURL.Scheme == "https" {
 		proxy = cfg.httpsProxy
-	}
-	if proxy == nil {
+	} else if reqURL.Scheme == "http" {
 		proxy = cfg.httpProxy
 		if proxy != nil && cfg.CGI {
 			return nil, errors.New("refusing to use HTTP_PROXY value in CGI environment; see golang.org/s/cgihttpproxy")
diff --git a/http/httpproxy/proxy_test.go b/http/httpproxy/proxy_test.go
index 9951246a3..2a12dade0 100644
--- a/http/httpproxy/proxy_test.go
+++ b/http/httpproxy/proxy_test.go
@@ -111,6 +111,18 @@ var proxyForURLTests = []proxyForURLTest{{
 	},
 	req:  "https://secure.tld/",
 	want: "https://secure.proxy.tld",
+}, {
+	cfg: httpproxy.Config{
+		HTTPProxy: "http.proxy.tld",
+	},
+	req:  "https://secure.tld/",
+	want: "<nil>",
+}, {
+	cfg: httpproxy.Config{
+		HTTPProxy: "http.proxy.tld",
+	},
+	req:  "ftp://insecure.tld/",
+	want: "<nil>",
 }, {
 	// Issue 16405: don't use HTTP_PROXY in a CGI environment,
 	// where HTTP_PROXY can be attacker-controlled.