Which web servers implement the HTTP status code 418

Why remove

  1. Forums
  2. > Comments
  3. ›Internet
  4. ›All comments on the article
  5. ›HTTP Error 418: Error code" I am ...
  6. > Theme
  1. theme
  1. 1
  2. 2

New topic Change view


  1. Re: what to remove?

    Author: GodsBoss 11.10.17 - 21:32

    >> And that's why it should be a server error? What can the server do
    > if
    >> the client calls a non-existent page? May be that on
    > one
    >> wrong links are set on the web pages of the server, the request originates
    >> nevertheless from the client requesting a non-existent page. What should
    >> because the server would otherwise reply as a 404?
    >
    > Hopefully you already know that z. B. with Apache also a 404
    > is thrown back if z. B. the DirectoryIndex "wrong" or strange
    > is configured?

    The Apache web server project is a Implementation of an HTTP server and not decisive for the meaning of the HTTP codes. Due to the extensive configuration options, how well the actual HTTP status code fits conceptually depends on the specific settings; in addition, the application scenarios are so numerous that one does not necessarily switch from what is available in the specific case to an HTTP status Code, it would then be up to the administration to set it correctly.

    Incidentally, the "wrong" DirectoryIndex configuration can also be understood to mean that the Apache web server cannot find anything it could display, in which case a 404 Not Found would be completely correct.

    > Incidentally, the client can very well request an existing page that
    > again linked to a non-existing page, but you did
    > wisely, even rudimentarily established.

    That is irrelevant, the HTTP status codes can be seen in the context of a single HTTP request, it does not matter whether the URL that a client calls was embedded in the response of a previous HTTP request 1 second beforehand from exactly the server.

    >> Incidentally, missing file rights are in the 500 range.
    >
    > Exactly! But still the Apache z. B. with missing access rights
    > (ON THE SERVER !!!) NEN 403 back. What Apache returns is in the
    > Principle correct, but not a client problem, so not in the 400 range
    > to settle.
    >
    >> Otherwise the
    >> Server incorrectly configured.
    >
    > No, the server does everything correctly in this case.

    The 403 can definitely be right here. What I wrote above applies here: It depends on the scenario.
    For example, someone in a directory could all Want to make files available to everyone. In that case, a file that the Apache web server could not read, a configuration error and the status code 500 would be appropriate.
    Maybe the files are there for a reason, but access should be forbidden and always. Then a 403 is right. The second scenario is unsightly, because it would be better not to have the files there in the first place, but it could definitely be.

    >> 403 clearly says that the client
    >> has no authorization due to missing or incorrect login data,
    > this
    >> See page. E.g. because the visitor failed to get there beforehand
    > to
    >> register.
    >
    > Yes, also -> .htaccess
    > Incidentally, registration using the web form / DB is not a 403 from
    > Apache return but an error message, for example using PHP
    > is generated.

    1. See [forum.golem.de] - What is clearly meant here is 401, not 403.
    2. Perhaps not from Apache itself, but with PHP you can return any HTTP status code, so of course 401 or 403. Or 418, or 499.

    > Anyway, I've only been administering web servers for ~ 15 years,
    > I'm sure I just have no idea next.

    Not that, but if that was mainly the Apache web server, there is of course the risk of seeing its concrete form, as far as HTTP is concerned, as the measure of all things. It is always better to look at the standards:
    [tools.ietf.org] says: "The 4xx class of status code is intended for cases in which the client seems to have erred. (...)"
    [tools.ietf.org] says: "Response status codes beginning with the digit" 5 "indicate cases in which the server is aware that it has erred or is incapable of performing the request."
    Well, it's obsolete and there are now new standards:
    [tools.ietf.org] says: "The 4xx (Client Error) class of status code indicates that the client seems to have erred."
    [tools.ietf.org] says: "The 5xx (Server Error) class of status code indicates that the server is aware that it has erred or is incapable of performing the requested method."

    Speech is silver, silence is gold, my statements are platinum.

  2. Re: what to remove?

    Author: My1 11.10.17 - 22:35

    ne 403 on files can also be useful. For example if you have several users with HTTP Basic authentication but not everyone is allowed to everything, or also the popular hotlink protection.

    It is also possible for something where you really want to explicitly request authentication, i.e. that the user is authenticated, but the server intentionally does not ask for it (whatever for)

    Asperger inside (tm)

  3. Re: what to remove?

    Author: GodsBoss 12.10.17 - 07:08

    I take everything back and claim the opposite. With RFC 7231 ([tools.ietf.org]) the 401 was apparently taken out of the standard and 401 and 403 were merged: [tools.ietf.org]

    Speech is silver, silence is gold, my statements are platinum.

  4. Re: what to remove?

    Author: GodsBoss 12.10.17 - 07:11

    > ne 403 on files can also be useful. for example if you have several users
    > With HTTP Basic authentication, however, not everyone is allowed to do everything, or
    > But also the popular hotlink protection.
    >
    > It is also possible for something where you really explicitly have one
    > Require authentication so that the user authenticates himself
    > will, but the server intentionally does not ask for it (whatever)

    The access rights concerned the rights of the files themselves, which were designed in such a way that the Apache web server cannot read them. Authentication via HTTP will not help here. ;-)

    Speech is silver, silence is gold, my statements are platinum.

  5. Re: what to remove?

    Author: My1 12.10.17 - 08:18

    If the server cannot access it, this is clearly a 5 and not a 4.

    Asperger inside (tm)

  6. Re: what to remove?

    Author: eleven 12.10.17 - 11:47

    GodsBoss wrote:
    --------------------------------------------------------------------------------
    >> Incidentally, missing file rights are in the 500 range. Otherwise it is
    > the
    >> Server incorrectly configured. 403 says clearly that the client
    >> has no authorization due to missing or incorrect login data,
    > this
    >> See page. E.g. because the visitor failed to get there beforehand
    > to
    >> register.
    >
    > No, what you are describing is 401 Unauthorized, see
    > tools.ietf.org # section-10.4.2. No help against 403 Forbidden
    > Authentication:
    > "Authorization will not help and the request SHOULD NOT be repeated."
    > (Source: tools.ietf.org # section-10.4.4)

    May I refer you to sentence part 2 of your signature:
    "Talking is silver, silence is gold, my statements are platinum"

    Because part of the sentence 3 is complete nonsense, as you can see from your above post.

  1. theme
  1. 1
  2. 2

New topic Change view


To comment, please log in or register. You must also go to your account profile under Forum have assigned a username. To the login

  1. QUNDIS GmbH, Erfurt
  2. V-LINE EUROPE GmbH, Sehnde
  3. Deutsche Vermögensberatung AG, Frankfurt am Main
  4. L-Bank, Karlsruhe

Pure golem
  • Use Golem.de without advertising

  1. 315 € (comparison price 359 €)
  2. 199 € + 5 € shipping (compared price 283.56 € including shipping)
  3. 204.33 € with delivery time (comparative price 234.90 €)
  4. 159.90 € + 6.99 € shipping (comparison price 194.88 € including shipping)


Did we miss something?

Email to [email protected]


© 1997-2021 Golem.de. All rights reserved.