407 ошибка http

Feb 1, 2018 10:00:26 AM |
What is a 407 Proxy Authentication Required

An in-depth overview of what a 407 Proxy Authentication Required response code is and how to fix it in your own application.

The 407 Proxy Authentication Required is an HTTP response status code indicating that the server is unable to complete the request because the client lacks proper authentication credentials for a proxy server that is intercepting the request between the client and server. The 407 error code is similar to the 401 Unauthorized error we looked at a few months ago, which indicates that the client could not be authenticated with the server. However, in the case of a 407 Proxy Authentication Required error, the server isn’t reporting a direct authentication issue, but is instead reporting that the client needs to authenticate with a proxy server, which must send a special Proxy-Authenticate header as part of the response.

As with most HTTP response codes — especially those that indicate an error — the cause of a 407 Proxy Authentication Required error code can be challenging to find and fix. With a possible pool of over 50 status codes used to represent the complex relationship between the client, a web application, a web server, and (possibly) multiple third-party web services, determining the cause of a particular status code can be difficult under the best of circumstances.

In this article we’ll examine the 407 Proxy Authentication Required in more detail by looking at what might cause this message to appear, and we’ll go over a handful of tips you can use to diagnose and debug the appearance of this error within your own application. We’ll even examine a number of the most popular content management systems (CMSs) for potential problem areas that could cause your own website to be generating a 407 Proxy Authentication Required unexpectedly. Let’s get to it!

Server- or Client-Side?

All HTTP response status codes that are in the 4xx category are considered client error responses. Errors in the 4xx category contrast with those from the 5xx category, such as the 503 Service Unavailable Error we wrote about a couple months ago, which are considered server error responses. That said, the appearance of a 4xx error doesn’t necessarily mean the issue is on the client side (the «client», in this case, is typically the web browser or device being used to access the application). Oftentimes, if you’re trying to diagnose an issue within your own application, you can immediately ignore most client-side code and components, such as HTML, cascading style sheets (CSS), client-side JavaScript, and so forth. This doesn’t apply solely to web sites, either. Many smart phone apps, which implement a modern looking user interface, are often powered behind the scenes by a normal web application.

On the other hand, the server could be the root cause of a 407 Proxy Authentication Required error. In some cases, the server may be misconfigured and handling requests improperly, which can result in 407 code responses and other problematic traffic routing issues. We’ll explore some of these scenarios (and potential solutions) down below, but be aware that, even though the 407 Proxy Authentication Required is considered a client error response, it doesn’t inherently mean we can rule out either the client nor the server as the culprit in this scenario. In these situations, the server (or a proxy server, in some cases) is still the network object that is producing the 407 Proxy Authentication Required and returning it as the HTTP response code to the client, but it could be that the client is causing the issue in some way.

Start With a Thorough Application Backup

As with anything, it’s better to have played it safe at the start than to screw something up and come to regret it later on down the road. As such, it is critical that you perform a full backup of your application, database, and all other components of your website or application before attempting any fixes or changes to the system. Even better, if you have the capability, create a complete copy of the application and stick the copy on a secondary staging server that is either inactive, or publicly inaccessible. This will give you a clean testing ground on which to test all potential fixes needed to resolve the issue, without threatening the security or sanctity of your live application.

As discussed in the introduction, a 407 Proxy Authentication Required indicates that the client has failed to provide proper authentication credentials to a proxy server that is a node (i.e. connection) between the client and the primary web server accepting the original request. As specified by RFC7235 HTTP/1.1 Authentication standards document the proxy server must send a special Proxy-Authenticate header, which indicates to the client what type of authentication can be used to complete the original request, and what access that will provide.

The basic syntax of the Proxy-Authenticate header is as follows: Proxy-Authenticate: <type> realm=<realm>.

The <type> value can be any of the handful of valid authentication schemes allowed in HTTP/1.1, with the most common authentication scheme being Basic, which accepts a username and password credential pair to validate authentication.

The <realm> value is used as a simple description of the protected area or «scope» of access that this particular authentication process will provide to the client.

Once the client receives a 407 response code that includes a Proxy-Authenticate header indicating the authentication scheme the proxy server will accept, the user agent will then typically respond with the corresponding Proxy-Authorization request header: Proxy-Authorization: <type> <credentials>.

Just as with the Proxy-Authenticate response header, <type> in the Proxy-Authorization request header is used to specify the authentication scheme, which should match the scheme required by the proxy server.

The <credentials> should be replaced with the valid credentials to authenticate the client. In the case of a Basic authentication scheme the username and password values are concatenated with a colon separator (i.e. username:password), which is then encoded to a base64 text string. Thus, a full Proxy-Authorization request header using the Basic scheme with a username and password of username and password would look like this: Proxy-Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=. Once the user agent includes that header in the follow-up request, the proxy server will authenticate and authorize the client and the request will succeed.

Troubleshooting on the Client-Side

Since the 407 Proxy Authentication Required is a client error response code, it’s best to start by troubleshooting any potential client-side issues that could be causing this error. Here are a handful of tips to try on the browser or device that is giving you problems.

Check the Requested URL

The most common cause of a 407 Proxy Authentication Required is simply inputting an incorrect URL. Many servers are tightly secured, so as to disallow unexpected requests to resources that a client/user agent should not have access to. It may be that the requested URL is slightly incorrect, which is causing the user agent to request an unintended resource, which may be routed through a proxy server that requires authentication. For example, a request to the URI https://airbrake.io/login might route requests through a separate proxy server used to handle user authentication. If the original request did not contain appropriate credentials, the result could be a 407 Proxy Authentication Required error response. It’s always a good idea to double-check the exact URL that is returning the 407 Proxy Authentication Required error to make sure it is intended resource.

Debugging Common Platforms

If you’re running common software packages on the server that is responding with the 407 Proxy Authentication Required, you may want to start by looking into the stability and functionality of those platforms first. The most common content management systems — like WordPress, Joomla!, and Drupal — are all typically well-tested out of the box, but once you start making modifications to the underlying extensions or PHP code (the language in which nearly all modern content management systems are written in), it’s all too easy to cause an unforeseen issue that results in a 407 Proxy Authentication Required.

There are a few tips below aimed at helping you troubleshoot some of these popular software platforms.

Rollback Recent Upgrades

If you recently updated the content management system itself just before the 407 Proxy Authentication Required appeared, you may want to consider rolling back to the previous version you had installed when things were working fine. Similarly, any extensions or modules that you may have recently upgraded can also cause server-side issues, so reverting to previous versions of those may also help. For assistance with this task, simply Google «downgrade [PLATFORM_NAME]» and follow along. In some cases, however, certain CMSs don’t really provide a version downgrade capability, which indicates that they consider the base application, along with each new version released, to be extremely stable and bug-free. This is typically the case for the more popular platforms, so don’t be afraid if you can’t find an easy way to revert the platform to an older version.

Uninstall New Extensions, Modules, or Plugins

Depending on the particular content management system your application is using, the exact name of these components will be different, but they serve the same purpose across every system: improving the capabilities and features of the platform beyond what it’s normally capable of out of the box. But be warned: such extensions can, more or less, take full control of the system and make virtually any changes, whether it be to the PHP code, HTML, CSS, JavaScript, or database. As such, it may be wise to uninstall any new extensions that may have been recently added. Again, Google the extension name for the official documentation and assistance with this process.

Check for Unexpected Database Changes

It’s worth noting that, even if you uninstall an extension through the CMS dashboard, this doesn’t guarantee that changes made by the extension have been fully reverted. This is particularly true for many WordPress extensions, which are given carte blanche within the application, including full access rights to the database. Unless the extension author explicitly codes such things in, there are scenarios where an extension may modify database records that don’t «belong» to the extension itself, but are instead created and managed by other extensions (or even the base CMS itself). In those scenarios, the extension may not know how to revert alterations to database records, so it will ignore such things during uninstallation. Diagnosing such problems can be tricky, but I’ve personally encountered such scenarios multiple times, so your best course of action, assuming you’re reasonably convinced an extension is the likely culprit for the 407 Proxy Authentication Required, is to open the database and manually look through tables and records that were likely modified by the extension.

Above all, don’t be afraid to Google your issue. Try searching for specific terms related to your issue, such as the name of your application’s CMS, along with the 407 Proxy Authentication Required. Chances are you’ll find someone who has experienced the same issue.

Troubleshooting on the Server-Side

If you aren’t running a CMS application — or even if you are, but you’re confident the 407 Proxy Authentication Required isn’t related to that — here are some additional tips to help you troubleshoot what might be causing the issue on the server-side of things.

Confirm Your Server Configuration

Your application is likely running on a server that is using one of the two most popular web server softwares, Apache or nginx. At the time of publication, both of these web servers make up 84% of the world’s web server software! Thus, one of the first steps you can take to determine what might be causing these 407 Proxy Authentication Required response codes is to check the configuration files for your web server software for unintentional redirect or request handling instructions.

To determine which web server your application is using you’ll want to look for a key file. If your web server is Apache then look for an .htaccess file within the root directory of your website file system. For example, if your application is on a shared host you’ll likely have a username associated with the hosting account. In such a case, the application root directory is typically found at the path of /home/<username>/public_html/, so the .htaccess file would be at /home/<username>/public_html/.htaccess.

If you located the .htaccess file then open it in a text editor and look for lines that use ProxyXXX directives, which are part of the mod_proxy module in Apache. Covering exactly how these directives work is well beyond the scope of this article, however, the basic concept is that proxy directives allow the Apache server to map or associate local server requests and URIs to remote proxy locations.

For example, here we’ve enabled ProxyPass and ProxyPassReverse directives to match requests to the local /login URI and route them to https://proxy.airbrake.io/login. The <Location /login> section defines the authentication scheme and details we’re using:

ProxyPass        /login https://proxy.airbrake.io/login

ProxyPassReverse /login https://proxy.airbrake.io/login
<Location /login>
 Order deny,allow
 Allow from all
 AuthName "Login Authentication"
 AuthType basic
 AuthUserFile "/usr/local/apache2/conf/httpd.htpasswd"
 AuthGroupFile "/usr/local/apache2/conf/httpd.groups"
 </Location>
 

This is just one possible example, but if your own server is using a proxy then your particular configuration will look quite different. Look for any strange Proxy directives in the .htaccess file that don’t seem to belong, then try temporarily commenting them out (using the # character prefix) and restarting your web server to see if this resolves the issue.

On the other hand, if your server is running on nginx, you’ll need to look for a completely different configuration file. By default this file is named nginx.conf and is located in one of a few common directories: /usr/local/nginx/conf, /etc/nginx, or /usr/local/etc/nginx. Once located, open nginx.conf in a text editor and look for proxy_ directives. For example, here is a simple block directive (i.e. a named set of directives) that configures a virtual server for airbrake.io and ensures that, similar to above, a request to https://airbrake.io/login will be authenticated via the proxy_pass directive to https://proxy.airbrake.io/login:

server {

    listen 80;

    listen 443 ssl;

    server_name airbrake.io;
 location /login/ {
 auth_basic "Login Authentication";
 auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;
 proxy_pass https://proxy.airbrake.io/login;
 proxy_set_header Host $http_host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_read_timeout 900;
 }
 }
 

Have a look through your nginx.conf file for any abnormal proxy_ directives and comment out any abnormalities before restarting the server to see if the issue was resolved.

Configuration options for each different type of web server can vary dramatically, so we’ll just list a few popular ones to give you some resources to look through, depending on what type of server your application is running on:

• Apache
• Nginx
• IIS
• Node.js
• Apache Tomcat

Look Through the Logs

Nearly every web application will keep some form of server-side logs. Application logs are typically the history of what the application did, such as which pages were requested, which servers it connected to, which database results it provides, and so forth. Server logs are related to the actual hardware that is running the application, and will often provide details about the health and status of all connected services, or even just the server itself. Google «logs [PLATFORM_NAME]» if you’re using a CMS, or «logs [PROGRAMMING_LANGUAGE]» and «logs [OPERATING_SYSTEM]» if you’re running a custom application, to get more information on finding the logs in question.

Debug Your Application Code or Scripts

If all else fails, it may be that a problem in some custom code within your application is causing the issue. Try to diagnose where the issue may be coming from through manually debugging your application, along with parsing through application and server logs. Ideally, make a copy of the entire application to a local development machine and perform a step-by-step debug process, which will allow you to recreate the exact scenario in which the 407 Proxy Authentication Required occurred and view the application code at the moment something goes wrong.

No matter the cause — and even if you managed to fix this particular error this time around — the appearance of an issue like the 407 Proxy Authentication Required within your own application is a good indication you may want to implement an error management tool, which will help you automatically detect errors and will alert you the instant they occur. Airbrake’s error monitoring software provides real-time error monitoring and automatic exception reporting for all your development projects. Airbrake’s state of the art web dashboard ensures you receive round-the-clock status updates on your application’s health and error rates. No matter what you’re working on, Airbrake easily integrates with all the most popular languages and frameworks. Plus, Airbrake makes it easy to customize exception parameters, while giving you complete control of the active error filter system, so you only gather the errors that matter most.

Check out Airbrake’s error monitoring software today and see for yourself why so many of the world’s best engineering teams use Airbrake to revolutionize their exception handling practices!

HTTP response status code 407 Proxy Authentication Required is a client error that is returned by the server to indicate that the request has to be authenticated for the client to use a proxy. This is similar to a 401 Unauthorized error message, and the user must satisfy the requirements before being allowed access to the resource.

Usage

When the 407 Proxy Authentication Required error message is received, the client understands that valid login credentials need to be supplied in advance of being granted access to the requested resource. This is very similar to the 401 Unauthorized response and the client can use the same authentication protocols.

The Proxy-Authenticate header is returned by the server to indicate what methods it allows.

Example

In the example, the client requests a resource and the server responds with the 407 Proxy Authentication Required response to indicate that the resource is protected. As part of the response, the server indicates that it supports basic authorization. The client responds by stating that it is providing a username:password pair using the basic authentication protocol, which is specified in the Proxy-Authorization header. Finally, the server responds by transmitting the requested resource.

Initial request

GET /documents/tech-news HTTP/1.1
Host: www.example.ai

Initial response

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic; realm=”Documents”

Next request

GET /documents/tech-news HTTP/1.1
Host: www.example.ai
Proxy-Authorization: Basic RXhhbXBsZTphaQ==

Final response

HTTP/1.1 200 OK
Content-Type: application/pdf
Content-Length: 25000

<PDF document included in message body>

Code references

.NET

HttpStatusCode.ProxyAuthenticationRequired

Rust

http::StatusCode::PROXY_AUTHENTICATION_REQUIRED

Rails

:proxy_authentication_required

Go

http.StatusProxyAuthRequired

Symfony

Response::HTTP_PROXY_AUTHENTICATION_REQUIRED

Python3.5+

http.HTTPStatus.PROXY_AUTHENTICATION_REQUIRED

Java

java.net.HttpURLConnection.HTTP_PROXY_AUTH

Apache HttpComponents Core

org.apache.hc.core5.http.HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED

Angular

@angular/common/http/HttpStatusCode.ProxyAuthenticationRequired

Takeaway

The 407 Proxy Authentication Required status code is used to indicate the authorization is required to access the requested resource through a proxy. The server will inform which Authentication method(s) it supports and the client is required to authenticate itself before access is granted. Several common authentication schemes exist.

See also

• 401 Unauthorized
• RFC 7231

Errors are one of the most frustrating aspects of running a WordPress site. Some problems like HTTP Error 407 can make your content inaccessible, leading to a drop in sales or conversions.

Luckily, there are some easy steps you can take to resolve this issue, plus tools to help you debug your site. By identifying the root cause of the problem, you can implement the right fix and hopefully prevent it from happening again in the future.

In this article, we’ll take a closer look at the HTTP 407 error and its causes. Then, we’ll show you how to fix it on the client side and server side. Let’s get started!

Check Out Our Video Guide To Fixing HTTP Error 407 “Proxy Authentication Required”

What Does “407 Proxy Authentication Required” Mean?

The “407 Proxy Authentication Required” error occurs when the server is unable to complete a request. This happens due to a lack of authentication credentials when a proxy server is used between the client and server. Essentially, the proxy is unable to authenticate the client.

Since there are multiple parties involved, it can be tricky to identify the exact cause of the problem. It may even be caused by the proxy itself, meaning there is no fix on your end.

However, there are some things that you can do to try to resolve the communication with the proxy.

Note that this problem may also be related to the generic 400 Bad Request error.

Inaccessible content can mean a drop in sales or conversions… but luckily, there are some easy steps you can take to resolve this frustrating error 💪Click to Tweet

What Causes the HTTP Error 407?

HTTP errors happen when a client requests to connect to a server and fails. Anytime a web browser attempts to access an online server through the HTTP protocol, there is a conversation between the client and server. HTTP codes are used to handle that conversation, sending success and failure messages back and forth.

HTTP error 407 is similar to error 401, which occurs due to unauthorized access. The only difference is that error 407 fails authentication with a proxy rather than a direct server connection.

Client authentication is part of the process of establishing a secure connection. One component of this communication is the exchange of a digital certificate. This certificate may be tied to the digital ID of a person, company, program, or individual machine. Servers can approve or deny requests based on the data within a digital certificate and grant or withhold access to connect.

In many cases, a simple connection delay, typo, or code contradiction can lead to a digital ID being misunderstood and rejected. Alternatively, you might not have access to the server.

How To Fix the “407 Proxy Authentication Required” Error

Since there are three different parties involved, you may need to try a few different solutions to resolve HTTP error 407. You may have access to the client and server, but the proxy is likely out of your control.

Hopefully, you’re using an Application Performance Monitoring (APM) software that caught the error before it became a larger problem. There are several powerful APM tools that can help you identify and resolve errors on your site, including our Kinsta APM tool. You can access this from the MyKinsta dashboard.

Now, let’s look at how to identify the cause of HTTP error 407 and resolve the issue. As always, it’s a good idea to perform a backup before making changes to your site.

Fixing a Client-Side Issue

Checking for client-side issues is probably the quickest and easiest place to start. To rule out any oddities, you can try to connect from a different browser or device. For instance, if you get a 407 error on your computer but not your phone, there may be an issue with the device’s digital ID or security program.

If you’ve made changes to your site recently, you may want to undo them and test the connection again. Otherwise, if you have reason to believe it could be a client-side issue, you can try the following steps.

Step 1: Check the URL

First, you’ll want to make sure that you’re entering the correct URL. This may sound silly, but a minor typo can lead to the HTTP 407 error. Therefore, you’ll want to double-check the URL, clear your cache, and try revisiting the website.

Better yet, try using a search engine to pull up the page you’re looking for, rather than typing in the URL directly. If you’re still receiving an authentication error, there is likely an issue on the back end.

Step 2: Deactivate Your Plugins

If you’ve recently made any changes that seem to coincide with the error, that is a good lead to pursue. If the error is happening on your own website, you might want to take a look at any recent plugins, themes, or extensions you have added or updated.

If you’re still able to access your dashboard, go to the Plugins page and deactivate all of your plugins:

Then, try to connect to the site again to see if the error persists. If not, you may have found the source of the problem.

Now, reactive your plugins one at a time and keep refreshing the page. If HTTP error 407 only occurs when a certain plugin is active, there may be some issue with the coding that is preventing you from accessing the proxy server.

If you’re unable to access the WordPress dashboard, you’ll need to connect to your site via a File Transfer Protocol (FTP) client like FileZilla. Once you enter your credentials and connect to your site, navigate to public_html > wp-content and locate the plugins folder.

Then, right-click on the folder and select Rename:

By renaming this folder, you’ll automatically deactivate all plugins on your site. Now, check to see if the error has disappeared. If it has, you can rename the folder back to plugins and log into your WordPress dashboard to reactive your plugins one by one until you find the culprit.

You might want to check to see if there is an update available for the glitchy plugin, as this may resolve the issue. If not, consider reaching out to the developer to see if they’re aware of the problem and if they’re working on a solution.

Step 3: Review and Roll Back Recent Changes

If you can’t find any issues on the client-side that could be causing the problem, the last thing you can do before moving on is to run a restoration. If you can revert the site to a previous instance before the error cropped up, this will determine if the problem was caused by a recent change or an external source.

If possible, run a backup before rolling back so you can return to the current version if the error persists. Otherwise, you may revert back and still encounter the problem, then have to redo your work to return your site to its previous state.

If the error no longer occurs after restoring a backup, this may indicate that a recent modification to your site is causing the issue. If you can think of any likely culprits, you can try testing them first. Otherwise, you’ll need to redo any updates incrementally and check to see if the error returns as a result of a specific change.

Fixing a Server-Side Issue

If none of the above steps resolved HTTP error 407, you may be dealing with a server-side issue. If you have other sites on your server, you can check to see if they are experiencing the same error. This will help confirm if the error is present on a particular site only or if it’s originating on the server.

Let’s look at a few troubleshooting steps to help you resolve error 407 on the server side.

Step 1: Review Error Logs

Error logs record activity on your website and server, including any errors that occur. These logs can show you which connection requests are successful and which are failing.

To access your error logs, open your site’s root folder from your FTP. Then, select the logs folder. Here, you’ll see two options: nginx and php. These folders contain error logs that you can view:

Nginx handles serving, proxying, and caching. Note that if your host uses a different server, the name of this file will be different. Meanwhile, PHP is the scripting language that WordPress runs on. If you search either log for error 407, it may shed some light on why it’s happening and when it started.

Step 2: Check Server Config Files

A common cause for a proxy authentication error is an unexpected redirect. This may look suspicious to a proxy server, causing it to deny access. Therefore, you’ll want to check your web server’s configuration files to see if there are any unintentional redirect instructions.

You can do this by checking the .htaccess file. Using an FTP client, go to your website’s root folder and click on the app folder. Then, select public and you should see the .htaccess file:

Open this file and look for any lines of code that include the term “redirect” or are rewriting URLs. If any of these look suspicious or unnecessary, consider removing them (you may want to make a copy of the file first). Then, check to see if error 407 is still present when you try visiting your site.

Since this code is probably in your .htaccess file for a reason, removing it may cause aspects of your site to stop functioning. However, if this code is the cause of HTTP error 407, you will need to address it. We recommend contacting your hosting provider for assistance.

Step 3: Debug App or Scripts

One last thing you can try is debugging your site. If you’ve recently added custom code or new plugins, there’s a chance that a simple bug could be causing authentication issues. The free Query Monitor can help you comb through the code to look for anything suspicious.

Before you get started, we recommend that you clone your site to a staging environment. This can be easily done using DevKinsta. Then, you can safely try to isolate the events that are triggering error 407.

If you need a little help, you can enable WordPress debugging to get a better look at what is going on. You can also turn on the WordPress debug log to track bugs for you to review later.
Learn how to fix this frustrating error (and keep it from happening again) with help from this guide ✅Click to Tweet

Summary

HTTP Error 407 usually happens when the server is unable to complete a request as the client lacks proper authentication credentials for a proxy server. Since this error can prevent users from accessing your site, you’ll want to fix it straight away.

If the problem occurs on the client side, you can try deactivating your plugins and rolling back recent changes to resolve the issue. If it happens on the server side, you’ll need to check your server configuration files, review your application logs, and debug your apps or scripts.

Either way, the simple fixes above should clear the HTTP error 407, and you will be able to move forward.

Умные люди придумали коды, по которым можно определить, что произошло с HTTP-запросом. Успешен ли он, произошло ли перенаправление. Или же все закончилось ошибкой. Как раз об ошибках и будем говорить в этой статье. Вкратце расскажу, какие они бывают и с чем связаны. 

А еще тут будет парочка забавных (и не очень) пикч и анимаций на тему описанных ошибок. Хоть какое-то развлечение.

Ошибки со стороны клиента (4xx)

Для начала перечислим коды ошибок на стороне клиента. Вина за их появление ложится на плечи обоих участников соединения.

400 Bad Request

Такой ответ от браузера можно получить в том случае, если сервер не смог правильно отреагировать на запрос со стороны пользователя. Часто код 400 возникает при попытке клиента получить доступ к серверу без соблюдения правил оформления синтаксиса протокола передачи гипертекста (HTTP). Повторный запрос не стоит отправлять до тех пор, пока не будет исправлена ошибка (или несколько из них). 

401 Unauthorized

Код 401 возникает при попытке клиента получить доступ к серверу, используя неправильные данные для авторизации. По сути, используется, когда пользователь вводит неправильный логин и пароль на ресурсе, где требуется эта информация для входа. Читайте: Как исправить ошибку 401

402 Payment Required

Эта ошибка сообщает клиенту о том, что для успешного выполнения запроса ему необходимо оплатить доступ к серверу. Изначально код 402 должен был стать неким стандартом для цифровой валюты и оплаты контента в сети. Но не срослось. До сих пор нет единого решения по поводу того, как должны выглядеть платежи в сети. Также нет и единого решения по поводу того, как стоит использовать 402. 

Все еще считается, что код существует с расчетом на будущее. Сейчас почти не используется и поддерживается не всеми браузерами.

403 Forbidden

Почти то же, что и 401. Сервер снова не разрешает к нему подключиться, хотя с запросом все в порядке. Просто нет доступа. Причем повторная авторизация с другими логином и паролем никак не помогут. Все вопросы к владельцам сервера (но не всегда). Инструкция по устранению ошибки. 

Творчество на тему знаменитой киносаги

404 Not Found

Легендарная ошибка, ставшая популярным мемом. 404 оповещает клиента о том, что его запрос ведет в никуда. Код возникает, когда пользователь пытается попасть на страницу, которой не существует. Например, когда случайно ошибается при вводе ссылки и вводит ее с опечаткой. Или же пытается получить доступ к странице, которой на сайте уже нет. 

В отличие от других кодов, страницу с 404 частенько кастомизируют, создавая для нее уникальный дизайн. Мало того, что это выглядит симпатичнее, так еще и полезнее для посетителей. Можно прямо на странице с ошибкой разъяснить, что произошло и как дальше действовать.

И таких вариаций тысячи. Каждый пытается добавить в оформление что-то свое.

405 Method Not Allowed

405 сообщает клиенту о том, что метод, используемый при запросе, не разрешен. В качестве примера можно привести попытку со стороны клиента ввести данные в форму с помощью GET, когда она работает только с POST. Ну и в таком же духе. 

406 Not Acceptable

Ошибка 406 сообщает о том, что страница передает контент, который не может быть распознан клиентом. Возможно, проблема в методе сжатия или в формате страницы. Иногда сюда же приплетают неправильные настройки кодировки.

Этот код редко используют на практике, так как его появления можно избежать, предоставив пользователю информацию на сайте в том виде, который его браузер способен принять. Посетитель сайта по итогу получит не то, что ожидал, но хотя бы не ошибку.

407 Proxy Authentication Required

Этот код тоже похож на 401. Только на этот раз логин и пароль нужны не для основного сервера, а для прокси, который находится между клиентом и сервером. Обычно в теле ошибки содержится информация о том, как можно правильно пройти авторизацию и получить доступ к ресурсу.

408 Request Timeout

408 говорит нам о том, что сервер пожелал разорвать соединение с клиентом, потому что оно никак не используется. Происходит это в том случае, если сервер буквально устал ждать, пока наладится соединение с ним. Поэтому такую ошибку часто можно лицезреть после очень долгой и безуспешной загрузки какого-нибудь сайта. 

Многие серверы не отправляют никаких сообщений, а просто прерывают соединение по той же причине. На запрос уходит больше времени, чем на то полагается.

В Мистере Роботе частенько называли серии в честь ошибок HTTP (весь четвертый сезон в нумерации 4хх). В честь 408, например, назвали восьмую серию четвертого сезона

409 Conflict

Сообщение о конфликте возникает, когда запрос со стороны клиента не соответствует тому, чего ожидает сервер. В качестве примера приводят проблемы при проверки версий, когда пользователь пытается с помощью метода PUT загрузить на сервер новый файл, но там уже имеется более новая версия того же файла. Конфликта версий можно легко избежать, загрузив корректную версию.

410 Gone

Своего рода аналог 404. Разница лишь в том, что 410 намекает на перманентность отсутствия страницы. Так что этот код стоит использовать, когда на 100% уверен, что страница ушла в небытие (ну или с текущего адреса) навсегда. В любом другом случае есть универсальный 404. 

411 Length Required

411 оповещает пользователя о том, что сервер не желает принимать запрос со стороны клиента, потому что в нем не определен заголовок Content-Length. Да, это первый код в подборке, который смогут понять только люди, сведущие в настройке серверов. По-простому уложить сущность HTML-заголовков в этот материал не получится.

412 Precondition Failed

Еще один код, сообщающий о том, что сервер отклонил запрос пользователя и не разрешает доступ к выбранному ресурсу. Проблемы возникают при неправильной настройке работы методов, отличающихся от GET и HEAD. 

413 Payload Too Large/Request Entity Too Large

Код 413 говорит нам, что запрос, который посылает клиент на сервер, слишком большой. Поэтому сервер отказывается его обрабатывать и разрывает соединение. Обычно это происходит при попытке загрузить на ресурс какой-то файл, превышающий ограничение, выставленное в настройках сервера. Соответственно, решается проблема изменением настроек сервера. 

414 URI Too Long

Чем-то этот код похож на предыдущий. Здесь тоже идет речь о превышение лимита. Только теперь это касается не запроса со стороны клиента, а длины URI. То есть ссылки. Выходит, что адрес, используемый клиентом, больше, чем тот, что может обработать сервер. Как-то так. 

Такая ошибка иногда выскакивает при попытке взломать ресурс. Сайт так реагирует на слишком частые попытки воспользоваться потенциальными дырами в безопасности.

415 Unsupported Media Type

Ошибка 415 возникает, когда клиент пытается загрузить на сервер данные в неподходящем формате. В таком случае сервер просто отказывается принимать посылаемые файлы и разрывает соединение. Как и в случае с 413. 

416 Range Not Satisfiable

Подобный ответ можно ожидать, если клиент запрашивает у сервера определенные данные, но эти данные на сервере не соответствуют запросу. То есть, грубо говоря, вы просите у сервера какой-то набор данных с заранее заданным размером, а в итоге оказывается, что размер этих данных меньше, чем объем, указанный в запросе. Серверу ничего не остается, кроме как послать вас, ведь он не обучен поведению в таких ситуациях.

417 Expectation Failed

Такая ошибка высвечивается, когда ожидания сервера не совпадают с данными в запросе клиента. Сведения об ожиданиях прописываются в заголовке Expect заранее. Так что можно ознакомиться с ними, чтобы выяснить, как решить названную проблему.

418 I’m a teapot

Код 418 можно увидеть, если сервер откажется варить кофе, потому что он чайник. Это первоапрельская шутка. Естественно, 418 не используется нигде всерьез и просто существует как дань памяти программистам-юмористам, придумавшим это в 1998 году.

У Google получился такой симпатичный чайник

421 Misdirected Request

Появляется когда запрос клиента переправляется на сервер, который не может дать на него адекватный ответ. Например, если запрос был отправлен на ресурс, который вообще не настроен обрабатывать запросы извне. 

Чтобы исправить проблему, можно попробовать переподключиться к ресурсу заново или попробовать другое соединение.

422 Unprocessable Entity

Код 422 говорит, что сервер вроде бы принял запрос, понял его, все хорошо, но из-за семантических ошибок корректно обработать не смог. Значит, где-то в запросе затаилась логическая ошибка, мешающая корректному взаимодействию клиента и сервера. Надо ее найти и исправить.

423 Locked

Обычно на этот код напарываются, когда запрашиваемый ресурс оказывается под защитой. Используемые клиентом методы блокируются на уровне сервера. Это делается, чтобы обезопасить данные, хранящиеся на защищенной странице. Без логина и пароля выудить информацию с такого сервера не получится.

424 Failed Dependency

424 сообщает о том, что для выполнения запроса со стороны клиента успешно должна завершиться еще одна или несколько параллельных операций. Если какая-то из них «провалится», то «помрет» все соединение сразу, и обработать запрос до конца не получится. Аналогичное происходит, если некорректно был обработан один из предыдущих запросов.

425 Too Early

Появляется в ответ на запрос, который может быть моментально запущен заново. Сервер не рискует и не берется за его обработку, чтобы не подставиться под так называемую «атаку повторного воспроизведения».

426 Upgrade Required

Тут нам прямо сообщают, что сервер не желает с нами общаться, пока мы не перейдем на более современный протокол. Наткнуться на такую ошибку очень тяжело, но в случае появления, скорее всего, будет достаточно установить браузер посвежее.

428 Precondition Required

428 выскакивает, если пользователь отправляет запрос на сервер, но получает некорректные или неактуальные данные. Так ресурс оповещает о необходимости внести в запрос информацию о предварительных условиях обработки данных. Только так он сможет гарантировать получение клиентом нужной информации.

429 Too Many Requests

Здесь все просто. Ошибка появляется, когда клиент отправляет на сервер слишком много запросов в короткий промежуток времени. Очень похоже на поведение взломщиков. По этой причине запрос моментально блокируется. 

431 Request Header Fields Too Large

Из названия понятно, что ошибка с кодом 431 появляется из-за того, что в запросе клиента используются слишком длинные заголовки (неважно, один или несколько из них). Исправляется это с помощью сокращения заголовков и повторной отправки запроса. В теле ошибки обычно отображается краткая информация о том, как пользователь может решить эту проблему самостоятельно.

444 No Response

Этот код вам вряд ли удастся увидеть. Он отображается в лог-файлах, чтобы подтвердить, что сервер никак не отреагировал на запрос пользователя и прервал соединение. 

449 Retry With

Код используется в расширениях компании Microsoft. Он сигнализирует о том, что запрос от клиента не может быть принят сервером. Причиной становятся неверно указанные параметры. Сама 449 ошибка говорит о необходимости скорректировать запрос и повторить его снова, подготовив к работе с сервером.

450 Blocked by Windows Parental Controls

450 код увидят дети, попавшие под действие системы «Родительский контроль» компании Microsoft. По сути, ошибка говорит о том, что с компьютера попытались зайти на заблокированный ресурс. Избежать этой ошибки можно изменением параметров родительского контроля.

451 Unavailable For Legal Reasons

Этот код сообщает клиенту, что он не может попасть на запрашиваемый ресурс из юридических соображений. Скорее всего, доступ был заблокирован из-за каких-нибудь государственных санкций, нового законодательства или цензуры со стороны властей. В общем, все вопросы к государству и провайдеру связи.

Список ошибок на стороне сервера (5xx)

Теперь поговорим об ошибках, которые возникают где-то на сервере. Все они связаны с запросами, которые не удается обработать на том конце. Пользователь зачастую в их появлении не виноват.

500 Internal Server Error

Этот код возникает, когда сервер сталкивается с непредвиденными обстоятельствами. Такими, которые и сам не может пояснить. Как, собственно, и завершить запрос со стороны пользователя. По факту, эта ошибка говорит нам что-то вроде «Я не могу подобрать более подходящий код ошибки, поэтому лови 500 и делай с этим, что хочешь». Мы писали о нем чуть подробнее тут.

Дело не в тебе, дело во мне (С)

501 Not Implemented

501 говорит нам, что функциональность, необходимая для обработки запроса со стороны клиента, попросту не реализована на сервере. Он не сможет корректно обработать используемый метод. 

Иногда в теле ошибки еще пишут что-то в духе «Приходите попозже, возможно, в будущем нужная функция появится».

502 Bad Getaway

Можно встретить в том случае, если запрашиваемый сервер выступает в роли шлюза или прокси. Возникает из-за несогласования протоколов между вышестоящим серверов и его шлюзом. Рассказываем о том, как ее исправить, в этой статье. 

503 Service Unavailable

Появляется, когда сервер не может обработать запрос клиента по одной из двух технических причин:

1. Слишком много пользователей в текущий момент пытаются отправить запросы, и у сервера не остается ресурсов, чтобы ответить кому-либо еще.
2. На сервере ведутся технические работы, временно блокирующие его работу.

Обычно ошибка 503 носит временный характер, и для ее решения достаточно немного подождать. 

504 Gateway Timeout

Ошибка похожа на 408. Здесь же прокси-сервер пытается выйти на контакт с вышестоящим сервером, но не успевает это сделать до истечения тайм-аута. Отсюда и ошибка.

505 HTTP Version Not Supported

Этот код похож на 426. Он тоже связан с неподходящей версией протокола HTTP. В этом случае нужно обеспечить и клиента, и сервер единой версией. Она, как правило, указывается в запросе со стороны пользователя. 

506 Variant Also Negotiates

Обычно с такой ошибкой сталкиваются только в том случае, если сервер изначально настроен неправильно. То есть это не сиюминутная проблема, а что-то серьезное на уровне базовой конфигурации. Тут придется потрудиться разработчикам. Выявить проблему и разрешить ее.

507 Insufficient Storage

Код 507 встречается в тех ситуациях, когда серверу не хватает пространства в хранилище для обработки запроса со стороны клиента. Проблема решается освобождением места или расширением доступного пространства. Тогда сервер сможет без проблем обработать запрос пользователя.

508 Loop Detected

Таким кодом сервер отзовется в случае, если заметит бесконечный цикл в запросе клиента. Можно расценивать его как провал запроса и выполняемой операции в целом.

509 Bandwidth Limit Exceeded

Возникает, если сервер начинает потреблять больше трафика, чем ему позволено. 

510 Not Extended

Появляется, если клиент посылает запрос на использование какого-либо расширения, отсутствующего на сервере. Чтобы исправить проблему, надо убрать декларирование неподдерживаемого расширения из запроса или добавить поддержку на сервер.

511 Network Authentication Required

511 код говорит о том, что перед тем как выйти в сеть, надо авторизоваться (ввести логин и пароль). Можно воспринимать это неким PPPoE подключением, когда от клиента требуются данные для авторизации.

Заключение

Закончили. Это все ошибки, которыми отзывается HTTP, если на стороне сервера или клиента что-то пошло не так. Наткнуться на большую их часть довольно тяжело. Особенно, если вы раньше только серфили в интернете, а не занимались разработкой сайтов. А тем, кто входит в эту стезю, полезно знать основные ошибки, так как, скорее всего, придется не раз их исправлять. 

From Wikipedia, the free encyclopedia

This is a list of Hypertext Transfer Protocol (HTTP) response status codes. Status codes are issued by a server in response to a client’s request made to the server. It includes codes from IETF Request for Comments (RFCs), other specifications, and some additional codes used in some common applications of the HTTP. The first digit of the status code specifies one of five standard classes of responses. The optional message phrases shown are typical, but any human-readable alternative may be provided, or none at all.

Unless otherwise stated, the status code is part of the HTTP standard (RFC 9110).

The Internet Assigned Numbers Authority (IANA) maintains the official registry of HTTP status codes.^[1]

All HTTP response status codes are separated into five classes or categories. The first digit of the status code defines the class of response, while the last two digits do not have any classifying or categorization role. There are five classes defined by the standard:

• 1xx informational response – the request was received, continuing process
• 2xx successful – the request was successfully received, understood, and accepted
• 3xx redirection – further action needs to be taken in order to complete the request
• 4xx client error – the request contains bad syntax or cannot be fulfilled
• 5xx server error – the server failed to fulfil an apparently valid request

1xx informational response

An informational response indicates that the request was received and understood. It is issued on a provisional basis while request processing continues. It alerts the client to wait for a final response. The message consists only of the status line and optional header fields, and is terminated by an empty line. As the HTTP/1.0 standard did not define any 1xx status codes, servers must not^{[note 1]} send a 1xx response to an HTTP/1.0 compliant client except under experimental conditions.

100 Continue

The server has received the request headers and the client should proceed to send the request body (in the case of a request for which a body needs to be sent; for example, a POST request). Sending a large request body to a server after a request has been rejected for inappropriate headers would be inefficient. To have a server check the request’s headers, a client must send Expect: 100-continue as a header in its initial request and receive a 100 Continue status code in response before sending the body. If the client receives an error code such as 403 (Forbidden) or 405 (Method Not Allowed) then it should not send the request’s body. The response 417 Expectation Failed indicates that the request should be repeated without the Expect header as it indicates that the server does not support expectations (this is the case, for example, of HTTP/1.0 servers).^[2]

101 Switching Protocols

The requester has asked the server to switch protocols and the server has agreed to do so.

102 Processing (WebDAV; RFC 2518)

A WebDAV request may contain many sub-requests involving file operations, requiring a long time to complete the request. This code indicates that the server has received and is processing the request, but no response is available yet. ^[3] This prevents the client from timing out and assuming the request was lost. The status code is deprecated.^[4]

103 Early Hints (RFC 8297)

Used to return some response headers before final HTTP message.^[5]

2xx success

This class of status codes indicates the action requested by the client was received, understood, and accepted.^[1]

200 OK

Standard response for successful HTTP requests. The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request, the response will contain an entity describing or containing the result of the action.

201 Created

The request has been fulfilled, resulting in the creation of a new resource.^[6]

202 Accepted

The request has been accepted for processing, but the processing has not been completed. The request might or might not be eventually acted upon, and may be disallowed when processing occurs.

203 Non-Authoritative Information (since HTTP/1.1)

The server is a transforming proxy (e.g. a Web accelerator) that received a 200 OK from its origin, but is returning a modified version of the origin’s response.^[7][8]

204 No Content

The server successfully processed the request, and is not returning any content.

205 Reset Content

The server successfully processed the request, asks that the requester reset its document view, and is not returning any content.

206 Partial Content

The server is delivering only part of the resource (byte serving) due to a range header sent by the client. The range header is used by HTTP clients to enable resuming of interrupted downloads, or split a download into multiple simultaneous streams.

207 Multi-Status (WebDAV; RFC 4918)

The message body that follows is by default an XML message and can contain a number of separate response codes, depending on how many sub-requests were made.^[9]

208 Already Reported (WebDAV; RFC 5842)

The members of a DAV binding have already been enumerated in a preceding part of the (multistatus) response, and are not being included again.

226 IM Used (RFC 3229)

The server has fulfilled a request for the resource, and the response is a representation of the result of one or more instance-manipulations applied to the current instance.^[10]

3xx redirection

This class of status code indicates the client must take additional action to complete the request. Many of these status codes are used in URL redirection.^[1]

A user agent may carry out the additional action with no user interaction only if the method used in the second request is GET or HEAD. A user agent may automatically redirect a request. A user agent should detect and intervene to prevent cyclical redirects.^[11]

300 Multiple Choices

Indicates multiple options for the resource from which the client may choose (via agent-driven content negotiation). For example, this code could be used to present multiple video format options, to list files with different filename extensions, or to suggest word-sense disambiguation.

301 Moved Permanently

This and all future requests should be directed to the given URI.

302 Found (Previously «Moved temporarily»)

Tells the client to look at (browse to) another URL. The HTTP/1.0 specification (RFC 1945) required the client to perform a temporary redirect with the same method (the original describing phrase was «Moved Temporarily»),^[12] but popular browsers implemented 302 redirects by changing the method to GET. Therefore, HTTP/1.1 added status codes 303 and 307 to distinguish between the two behaviours.^[11]

303 See Other (since HTTP/1.1)

The response to the request can be found under another URI using the GET method. When received in response to a POST (or PUT/DELETE), the client should presume that the server has received the data and should issue a new GET request to the given URI.

304 Not Modified

Indicates that the resource has not been modified since the version specified by the request headers If-Modified-Since or If-None-Match. In such case, there is no need to retransmit the resource since the client still has a previously-downloaded copy.

305 Use Proxy (since HTTP/1.1)

The requested resource is available only through a proxy, the address for which is provided in the response. For security reasons, many HTTP clients (such as Mozilla Firefox and Internet Explorer) do not obey this status code.

306 Switch Proxy

No longer used. Originally meant «Subsequent requests should use the specified proxy.»

307 Temporary Redirect (since HTTP/1.1)

In this case, the request should be repeated with another URI; however, future requests should still use the original URI. In contrast to how 302 was historically implemented, the request method is not allowed to be changed when reissuing the original request. For example, a POST request should be repeated using another POST request.

308 Permanent Redirect

This and all future requests should be directed to the given URI. 308 parallel the behaviour of 301, but does not allow the HTTP method to change. So, for example, submitting a form to a permanently redirected resource may continue smoothly.

4xx client errors

This class of status code is intended for situations in which the error seems to have been caused by the client. Except when responding to a HEAD request, the server should include an entity containing an explanation of the error situation, and whether it is a temporary or permanent condition. These status codes are applicable to any request method. User agents should display any included entity to the user.

400 Bad Request

The server cannot or will not process the request due to an apparent client error (e.g., malformed request syntax, size too large, invalid request message framing, or deceptive request routing).

401 Unauthorized

Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource. See Basic access authentication and Digest access authentication. 401 semantically means «unauthorised», the user does not have valid authentication credentials for the target resource.

Some sites incorrectly issue HTTP 401 when an IP address is banned from the website (usually the website domain) and that specific address is refused permission to access a website.^{[citation needed]}

402 Payment Required

Reserved for future use. The original intention was that this code might be used as part of some form of digital cash or micropayment scheme, as proposed, for example, by GNU Taler,^[14] but that has not yet happened, and this code is not widely used. Google Developers API uses this status if a particular developer has exceeded the daily limit on requests.^[15] Sipgate uses this code if an account does not have sufficient funds to start a call.^[16] Shopify uses this code when the store has not paid their fees and is temporarily disabled.^[17] Stripe uses this code for failed payments where parameters were correct, for example blocked fraudulent payments.^[18]

403 Forbidden

The request contained valid data and was understood by the server, but the server is refusing action. This may be due to the user not having the necessary permissions for a resource or needing an account of some sort, or attempting a prohibited action (e.g. creating a duplicate record where only one is allowed). This code is also typically used if the request provided authentication by answering the WWW-Authenticate header field challenge, but the server did not accept that authentication. The request should not be repeated.

404 Not Found

The requested resource could not be found but may be available in the future. Subsequent requests by the client are permissible.

405 Method Not Allowed

A request method is not supported for the requested resource; for example, a GET request on a form that requires data to be presented via POST, or a PUT request on a read-only resource.

406 Not Acceptable

The requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request. See Content negotiation.

407 Proxy Authentication Required

The client must first authenticate itself with the proxy.

408 Request Timeout

The server timed out waiting for the request. According to HTTP specifications: «The client did not produce a request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time.»

409 Conflict

Indicates that the request could not be processed because of conflict in the current state of the resource, such as an edit conflict between multiple simultaneous updates.

410 Gone

Indicates that the resource requested was previously in use but is no longer available and will not be available again. This should be used when a resource has been intentionally removed and the resource should be purged. Upon receiving a 410 status code, the client should not request the resource in the future. Clients such as search engines should remove the resource from their indices. Most use cases do not require clients and search engines to purge the resource, and a «404 Not Found» may be used instead.

411 Length Required

The request did not specify the length of its content, which is required by the requested resource.

412 Precondition Failed

The server does not meet one of the preconditions that the requester put on the request header fields.

413 Payload Too Large

The request is larger than the server is willing or able to process. Previously called «Request Entity Too Large» in RFC 2616.^[19]

414 URI Too Long

The URI provided was too long for the server to process. Often the result of too much data being encoded as a query-string of a GET request, in which case it should be converted to a POST request. Called «Request-URI Too Long» previously in RFC 2616.^[20]

415 Unsupported Media Type

The request entity has a media type which the server or resource does not support. For example, the client uploads an image as image/svg+xml, but the server requires that images use a different format.

416 Range Not Satisfiable

The client has asked for a portion of the file (byte serving), but the server cannot supply that portion. For example, if the client asked for a part of the file that lies beyond the end of the file. Called «Requested Range Not Satisfiable» previously RFC 2616.^[21]

417 Expectation Failed

The server cannot meet the requirements of the Expect request-header field.^[22]

418 I’m a teapot (RFC 2324, RFC 7168)

This code was defined in 1998 as one of the traditional IETF April Fools’ jokes, in RFC 2324, Hyper Text Coffee Pot Control Protocol, and is not expected to be implemented by actual HTTP servers. The RFC specifies this code should be returned by teapots requested to brew coffee.^[23] This HTTP status is used as an Easter egg in some websites, such as Google.com’s «I’m a teapot» easter egg.^[24][25][26] Sometimes, this status code is also used as a response to a blocked request, instead of the more appropriate 403 Forbidden.^[27][28]

421 Misdirected Request

The request was directed at a server that is not able to produce a response (for example because of connection reuse).

422 Unprocessable Entity

The request was well-formed but was unable to be followed due to semantic errors.^[9]

423 Locked (WebDAV; RFC 4918)

The resource that is being accessed is locked.^[9]

424 Failed Dependency (WebDAV; RFC 4918)

The request failed because it depended on another request and that request failed (e.g., a PROPPATCH).^[9]

425 Too Early (RFC 8470)

Indicates that the server is unwilling to risk processing a request that might be replayed.

426 Upgrade Required

The client should switch to a different protocol such as TLS/1.3, given in the Upgrade header field.

428 Precondition Required (RFC 6585)

The origin server requires the request to be conditional. Intended to prevent the ‘lost update’ problem, where a client GETs a resource’s state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict.^[29]

429 Too Many Requests (RFC 6585)

The user has sent too many requests in a given amount of time. Intended for use with rate-limiting schemes.^[29]

431 Request Header Fields Too Large (RFC 6585)

The server is unwilling to process the request because either an individual header field, or all the header fields collectively, are too large.^[29]

451 Unavailable For Legal Reasons (RFC 7725)

A server operator has received a legal demand to deny access to a resource or to a set of resources that includes the requested resource.^[30] The code 451 was chosen as a reference to the novel Fahrenheit 451 (see the Acknowledgements in the RFC).

5xx server errors

The server failed to fulfil a request.

Response status codes beginning with the digit «5» indicate cases in which the server is aware that it has encountered an error or is otherwise incapable of performing the request. Except when responding to a HEAD request, the server should include an entity containing an explanation of the error situation, and indicate whether it is a temporary or permanent condition. Likewise, user agents should display any included entity to the user. These response codes are applicable to any request method.

500 Internal Server Error

A generic error message, given when an unexpected condition was encountered and no more specific message is suitable.

501 Not Implemented

The server either does not recognize the request method, or it lacks the ability to fulfil the request. Usually this implies future availability (e.g., a new feature of a web-service API).

502 Bad Gateway

The server was acting as a gateway or proxy and received an invalid response from the upstream server.

503 Service Unavailable

The server cannot handle the request (because it is overloaded or down for maintenance). Generally, this is a temporary state.^[31]

504 Gateway Timeout

The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.

505 HTTP Version Not Supported

The server does not support the HTTP version used in the request.

506 Variant Also Negotiates (RFC 2295)

Transparent content negotiation for the request results in a circular reference.^[32]

507 Insufficient Storage (WebDAV; RFC 4918)

The server is unable to store the representation needed to complete the request.^[9]

508 Loop Detected (WebDAV; RFC 5842)

The server detected an infinite loop while processing the request (sent instead of 208 Already Reported).

510 Not Extended (RFC 2774)

Further extensions to the request are required for the server to fulfil it.^[33]

511 Network Authentication Required (RFC 6585)

The client needs to authenticate to gain network access. Intended for use by intercepting proxies used to control access to the network (e.g., «captive portals» used to require agreement to Terms of Service before granting full Internet access via a Wi-Fi hotspot).^[29]

Unofficial codes

The following codes are not specified by any standard.

419 Page Expired (Laravel Framework)

Used by the Laravel Framework when a CSRF Token is missing or expired.

420 Method Failure (Spring Framework)

A deprecated response used by the Spring Framework when a method has failed.^[34]

420 Enhance Your Calm (Twitter)

Returned by version 1 of the Twitter Search and Trends API when the client is being rate limited; versions 1.1 and later use the 429 Too Many Requests response code instead.^[35] The phrase «Enhance your calm» comes from the 1993 movie Demolition Man, and its association with this number is likely a reference to cannabis.^{[citation needed]}

430 Request Header Fields Too Large (Shopify)

Used by Shopify, instead of the 429 Too Many Requests response code, when too many URLs are requested within a certain time frame.^[36]

450 Blocked by Windows Parental Controls (Microsoft)

The Microsoft extension code indicated when Windows Parental Controls are turned on and are blocking access to the requested webpage.^[37]

498 Invalid Token (Esri)

Returned by ArcGIS for Server. Code 498 indicates an expired or otherwise invalid token.^[38]

499 Token Required (Esri)

Returned by ArcGIS for Server. Code 499 indicates that a token is required but was not submitted.^[38]

509 Bandwidth Limit Exceeded (Apache Web Server/cPanel)

The server has exceeded the bandwidth specified by the server administrator; this is often used by shared hosting providers to limit the bandwidth of customers.^[39]

529 Site is overloaded

Used by Qualys in the SSLLabs server testing API to signal that the site can’t process the request.^[40]

530 Site is frozen

Used by the Pantheon Systems web platform to indicate a site that has been frozen due to inactivity.^[41]

598 (Informal convention) Network read timeout error

Used by some HTTP proxies to signal a network read timeout behind the proxy to a client in front of the proxy.^[42]

599 Network Connect Timeout Error

An error used by some HTTP proxies to signal a network connect timeout behind the proxy to a client in front of the proxy.

Internet Information Services

Microsoft’s Internet Information Services (IIS) web server expands the 4xx error space to signal errors with the client’s request.

440 Login Time-out

The client’s session has expired and must log in again.^[43]

449 Retry With

The server cannot honour the request because the user has not provided the required information.^[44]

451 Redirect

Used in Exchange ActiveSync when either a more efficient server is available or the server cannot access the users’ mailbox.^[45] The client is expected to re-run the HTTP AutoDiscover operation to find a more appropriate server.^[46]

IIS sometimes uses additional decimal sub-codes for more specific information,^[47] however these sub-codes only appear in the response payload and in documentation, not in the place of an actual HTTP status code.

nginx

The nginx web server software expands the 4xx error space to signal issues with the client’s request.^[48][49]

444 No Response

Used internally^[50] to instruct the server to return no information to the client and close the connection immediately.

494 Request header too large

Client sent too large request or too long header line.

495 SSL Certificate Error

An expansion of the 400 Bad Request response code, used when the client has provided an invalid client certificate.

496 SSL Certificate Required

An expansion of the 400 Bad Request response code, used when a client certificate is required but not provided.

497 HTTP Request Sent to HTTPS Port

An expansion of the 400 Bad Request response code, used when the client has made a HTTP request to a port listening for HTTPS requests.

499 Client Closed Request

Used when the client has closed the request before the server could send a response.

Cloudflare

Cloudflare’s reverse proxy service expands the 5xx series of errors space to signal issues with the origin server.^[51]

520 Web Server Returned an Unknown Error

The origin server returned an empty, unknown, or unexpected response to Cloudflare.^[52]

521 Web Server Is Down

The origin server refused connections from Cloudflare. Security solutions at the origin may be blocking legitimate connections from certain Cloudflare IP addresses.

522 Connection Timed Out

Cloudflare timed out contacting the origin server.

523 Origin Is Unreachable

Cloudflare could not reach the origin server; for example, if the DNS records for the origin server are incorrect or missing.

524 A Timeout Occurred

Cloudflare was able to complete a TCP connection to the origin server, but did not receive a timely HTTP response.

525 SSL Handshake Failed

Cloudflare could not negotiate a SSL/TLS handshake with the origin server.

526 Invalid SSL Certificate

Cloudflare could not validate the SSL certificate on the origin web server. Also used by Cloud Foundry’s gorouter.

527 Railgun Error

Error 527 indicates an interrupted connection between Cloudflare and the origin server’s Railgun server.^[53]

530

Error 530 is returned along with a 1xxx error.^[54]

AWS Elastic Load Balancer

Amazon’s Elastic Load Balancing adds a few custom return codes

460

Client closed the connection with the load balancer before the idle timeout period elapsed. Typically when client timeout is sooner than the Elastic Load Balancer’s timeout.^[55]

463

The load balancer received an X-Forwarded-For request header with more than 30 IP addresses.^[55]

464

Incompatible protocol versions between Client and Origin server.^[55]

561 Unauthorized

An error around authentication returned by a server registered with a load balancer. You configured a listener rule to authenticate users, but the identity provider (IdP) returned an error code when authenticating the user.^[55]

Caching warning codes (obsoleted)

The following caching related warning codes were specified under RFC 7234. Unlike the other status codes above, these were not sent as the response status in the HTTP protocol, but as part of the «Warning» HTTP header.^[56][57]

Since this «Warning» header is often neither sent by servers nor acknowledged by clients, this header and its codes were obsoleted by the HTTP Working Group in 2022 with RFC 9111.^[58]

110 Response is Stale

The response provided by a cache is stale (the content’s age exceeds a maximum age set by a Cache-Control header or heuristically chosen lifetime).

111 Revalidation Failed

The cache was unable to validate the response, due to an inability to reach the origin server.

112 Disconnected Operation

The cache is intentionally disconnected from the rest of the network.

113 Heuristic Expiration

The cache heuristically chose a freshness lifetime greater than 24 hours and the response’s age is greater than 24 hours.

199 Miscellaneous Warning

Arbitrary, non-specific warning. The warning text may be logged or presented to the user.

214 Transformation Applied

Added by a proxy if it applies any transformation to the representation, such as changing the content encoding, media type or the like.

299 Miscellaneous Persistent Warning

Same as 199, but indicating a persistent warning.

See also

• Custom error pages
• List of FTP server return codes
• List of HTTP header fields
• List of SMTP server return codes
• Common Log Format

Explanatory notes

References

External links

• «RFC 9110: HTTP Semantics and Content, Section 15 «Status Codes»«.
• Hypertext Transfer Protocol (HTTP) Status Code Registry at the Internet Assigned Numbers Authority
• MDN status code reference at mozilla.org