Common HTTP error codes: 100, 200, 300, 400, 500 series

 

HTTP status codes ranging from 100 to 199 are informational codes. If a browser is attempting to access a website and these codes are returned, they are normally not displayed onscreen. They are simply internal codes for the browser’s reference.

100 Continue

The HTTP 100 Continue informational status response code indicates that everything so far is OK and that the client should continue with the request or ignore it if it is already finished.

To have a server check the request's headers, a client must send Expect: 100-continue as a header in its initial request and receive a 100 Continue status code in response before sending the body.


Status codes ranging from 200 to 299 are success codes. These codes are used internally by the browser as a way of confirming the success and the current status of a request. Although these codes are not normally displayed, there are troubleshooting tools that can read them, and they can be invaluable in the diagnostic process.

HTTP Status Code 200: The "OK" Response

An HTTP status code 200 means success. The client has requested documents from the server. The server has replied to the client and given the client the documents. All is well.

You will rarely "see" this response out in the wild using a browser as a normal user. You would usually only see this response when you're using a digital marketing tool that shows you the status code specifically.

In general, you want to see 200 requests. They are good!

 

Status codes in the 300 to 399 range are redirection codes. They tell the Web browser that some other action must be performed in order to fulfill the request. Depending on the nature of this action, it may be performed automatically, or it may require additional user input. As an example, status code 301 indicates that a particular webpage has been permanently moved and that all future calls to the resource should be directed to a different URL.

300 – Multiple Choices

300 Multiple Choices is a redirect that is seldomly used in the real world. 300 Multiple Choices is encountered when a requested resource points to multiple destinations for the same requested document. A choice of action is presented to the end-user allowing them to select the choice desired.

301 – Moved Permanantly

One of the more common redirects used on the world wide web today. Moved Permenantly was used in each introductoy example begining this section.

301 Redirects are so common because of the way they are handled by Google. When Google updates a site index and notices the 301 Redirect, its spiders will attempt to update the site index and previos page rankings will be restored with little fluctuation.

Euro VPS Google Index

Doing a search for Euro VPS “/”* shows all pages were properly indexed following the 301 Redirect to HTTPS. When encountering a 301 Redirect bookmarks and automated user-agents should be updated to the new URI.

302 – Found

302 redirects should be used when a requested URI is temporarliy at a new location. Like the 301 Redirect – when the GET method is used, a 301 will provide means for the user-agent to be sent to the temporary URI location.

Unlike the 301 redirect user-agents should still continue using the URI pointing to the redirect – it is a temporary redirect.

303 – See Other

The 303 Redirect is a little different than each redirect we have discussed to this point. 303 is mainly for POST and PUT requests that are taken to a different URI than originally requested by the user-agent in its POST or PUT request.

An example could be when uploading a larger file that may take a few minutes:

  1. user-agent submits a large file using PUT or POST
  2. the file is destined to the original URI
  3. web-server returns a 303 redirecting to an upload status page
  4. user-agent will use GET via 303, requesting an upload status page

304 – Not Modified

The 304 Not Modified is used for caching purposes. 304 is sent as a status to a user-agent requesting a check on current status of a cached page.

If the page requsted is still current the user-agent is sent a 304. The user-agent will then forward its cached copy to be viewed by the end-user.

304 Redirect

Above is a check on a cached javascript file.

305 – Use Proxy

This status code is not used often .A 305 Redirect let’s the user-agent know a resource must be accessed thru a proxy server. The 305 should also return a proxy in the Location field.

A good example of when a 305 could potentialy be used in the real-world is a website using a reverse proxy to filter application-layer attacks like SQL injection with IPS filters deployed on the reverse proxy.

The host-name of the web-server could be www.acmeco.com. The physical, routable Internet facing IP address might be 192.168.1.129 (we use IP blocks non-routable over the internet to avoid using a real ip address that could be in service for examples).

However DNS could point to: 192.168.34.12, with reverse DNS resloving to webfilter.reverseproxy-provider.net. When the request is sent to www.acmeco.com it is first passed transparently thru the reverse-proxy to filter for web-bots, appliation layer attacks, and DOS attacks.

What if the attacker can figure out hops along the route. The the attacker can see the destination server is really 192.168.1.129?

After firing off an HTTP request with an SQL payload to the listening web-daemon on 192.168.1.129 a **305 Use Proxy ** is returned forcing the user-agent to re-direct through the reverse-proxy. Not allowing any access to the underlying web-application.

Most web browsers will not obey a 305 Redirect for security reasons. In the above example, this would still be 100% acceptable to the outcome of protecting the web-application. Because legitimate users will be using www.acmeco.com and letting traffic route through the reverse proxy with IPS filters.

Again, above is a hypothetical scenario where a 305 Redirect may work well. However, the 305 is not seen too often in the real world.

307 – Temporary Redirect

The 307 is similar to the 302 but requires the same request method be used on the redirected URI. This would be used, for example, when a POST request needs to be sent to another URI.

With a 302 a GET request should be used to obtain the redirected URI.

Next.

 

Status codes in the 400 range are considered to be client error codes. These kinds of error codes are often security related. 400 level error codes can also be returned if the request is malformed or if the client times out.

400 Bad Request

This error indicates that the user's request contains incorrect syntax.

401 Unauthorized

This error indicates that the requested file requires authentication (a username and password).

403 Forbidden

This error indicates that the server will not allow the visitor to access the requested file. If a visitor receives this code unexpectedly, you should check the file's permission settings, or check whether the file has been protected.

404 Not Found

This error indicates that the server could not find the file that the visitor requested. This commonly occurs when a URL is mistyped.

 

The 500 range status code are server errors, which means that server cannot process the request for an unknown reason.

5xx Errors

These errors are caused by the server being unable to fulfill an apparently valid request from a visitor. Often, you will need the help of a server administrator to investigate them.

It is also important to consider that quite often, a chain of servers is handling an HTTP request, so that it may not be your server that is returning the error.

500 Internal Server Error

This error indicates that the server has encountered an unexpected condition. This often occurs when an application request cannot be fulfilled due to the application being configured incorrectly on the server.

501 Not Implemented

This error indicates that the HTTP method sent by the client is not supported by the server. This is most often caused by the server being out of date. It is a very rare error and generally requires that the web server be updated.

502 Bad Gateway

This error is usually due to improperly configured proxy servers. However, the problem may also arise when there is poor IP communication between back—end computers, when the client's server is overloaded, or when a firewall is functioning improperly.

The first step in resolving the issue is to clear the client's cache. This action should result in a different proxy being used to resolve the web server's content.

503 Service Unavailable

This error occurs when the server is unable to handle requests due to a temporary overload or due to the server being temporarily closed for maintenance. The error indicates that the server will only temporarily be down. It is possible to receive other errors in place of 503.

Contact the server administrator if this problem persists.

504 Gateway Timeout

This error occurs when a server somewhere along the chain does not receive a timely response from a server further up the chain. The problem is caused entirely by slow communication between upstream computers.

To resolve this issue, contact the system administrator.

505 HTTP Version Not Supported

This error occurs when the server refuses to support the HTTP protocol that has been specified by the client computer. This can be caused by the protocol not being specified properly by the client computer; for example, if an invalid version number has been specified.

506 Variant Also Negotiates

This error indicates that the server is not properly configured. Contact the system administrator to resolve this issue.

507 Insufficient Storage

This error indicates that the server is out of free memory. This is most likely to occur when an application that is being requested cannot allocate the necessary system resources to run.

To resolve the issue, the server's hard disk may need to be cleaned of any unnecessary documents to free up more hard disk space, its memory may need to be expanded, or it may simply need to be restarted.

Contact the system administrator for more information regarding this error message.

509 Bandwidth Limit Exceeded

This error occurs when the bandwidth limit imposed by the system administrator has been reached. The only fix for this issue is to wait until the limit is reset in the following cycle.

Consult the system administrator for information about acquiring more bandwidth.

510 Not Extended

This error occurs when an extension attached to the HTTP request is not supported by the web server.

To resolve the issue, you may need to update the server. Consult the system administrator for more information.

 

Comments

Post a Comment

Popular posts from this blog

Child Domain and Trees - Active Directory Structure

Image
What is the Difference Between Child Domain and Tree Domain June 5, 2019 by Lithmee 3 min read The main difference between child domain and tree domain is that child domain is a logical grouping of network objects (domain) under a parent domain while tree domain is a set of domains in the active directory hierarchy. Overall, active directory is a directory service developed by Microsoft which operates similar to a usual directory. It helps in storing information about users, files, network resources and other objects. The domain controller is a server that uses the information of an active directory. And, this type of controller checks the user’s credentials and allow the users to access the required resources. Moreover, an object of an active directory is a physical entity that exists in the network. Therefore, a domain is a logical grouping of a set of objects whereas a child domain and tree domain are two terms related to a domain. Key Areas Co...
Read more