HTTP 451


A 451 status code returned by the Defense Distributed website to a client in Pennsylvania, 30 July 2018.

In computer networking, HTTP 451 Unavailable For Legal Reasons is a proposed standard error status code of the HTTP protocol to be displayed when the user requests a resource which cannot be served for legal reasons, such as a web page censored by a government. The number 451 is a reference to Ray Bradbury's 1953 dystopian novel Fahrenheit 451, in which books are outlawed. [2] 451 provides more information than HTTP 403, which is often used for the same purpose. [3] This status code is currently a proposed standard in RFC 7725 but is not yet formally a part of HTTP, as of RFC 9110.


Examples of situations where an HTTP 451 error code could be displayed include web pages deemed a danger to national security, or web pages deemed to violate copyright, privacy, blasphemy laws, or any other law or court order.

After introduction of the GDPR in the EEA it became common practice for websites located outside the EEA to serve HTTP 451 errors to EEA visitors instead of trying to comply with this new privacy law. For instance, many regional U.S. news sites no longer serve web browsers from the EU. [4] [5] [6]

The RFC is specific that a 451 response does not indicate whether the resource exists but requests for it have been blocked, if the resource has been removed for legal reasons and no longer exists, or even if the resource has never existed, but any discussion of its topic has been legally forbidden (see injunction). [7] Some sites have previously returned HTTP 404 (missing) or similar if they are not legally permitted to disclose that the resource has been removed. This practice is used in the United Kingdom by some Internet service providers utilising the Internet Watch Foundation blacklist, returning a 404 message or another error message instead of showing a message indicating the site is blocked. [8] [9]

The status code was formally proposed in 2013 by Tim Bray, following earlier informal proposals by Chris Applegate [10] in 2008 and Terence Eden [11] in 2012. It was approved by the IETF on December 18, 2015. [12] It was published as the Proposed Standard RFC 7725 in February 2016.

HTTP 451 was mentioned by the BBC's From Our Own Correspondent programme, as an indication of the effects of sanctions on Sudan and the inability to access Airbnb, the App Store, or other Western web services. [13]

Usage

A 451 error message being displayed when visiting a website in mainland China

When an entity intercepts the request and returns status 451, it should include a "Link" HTTP header field whose value is a URI reference identifying itself. The "Link" header field must then have a "rel" parameter whose value is "blocked-by". This is intended to identify the entity implementing the blocking (an ISP, DNS provider, caching system, etc.), not the legal authority mandating the block. [14] At an IETF hackathon, participants used a web crawler to discover that several implementations misunderstood this header and gave the legal authority instead. [15]
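An added example (not part of the original article or of RFC 7725): a small Python audit that parses a raw 451 response head and reports whether a Link header carrying rel="blocked-by" is present. The sample responses, host names and function names are constructed for illustration; the check covers presence and syntax only, so whether the URI names the blocking entity rather than the legal authority still needs human review.

```python
import re

# Constructed sample responses for illustration (not captured traffic).
GOOD = (b"HTTP/1.1 451 Unavailable For Legal Reasons\r\n"
        b'Link: <https://search.example.net/legal>; rel="blocked-by"\r\n'
        b"Content-Type: text/html\r\n\r\n<html>...</html>")
NO_LINK = (b"HTTP/1.1 451 Unavailable For Legal Reasons\r\n"
           b"Content-Type: text/html\r\n\r\n")
OTHER_REL = (b"HTTP/1.1 451 Unavailable For Legal Reasons\r\n"
             b'Link: <https://isp.example/terms>; rel="license"\r\n\r\n')
MULTI = (b"HTTP/1.1 451 Unavailable For Legal Reasons\r\n"
         b'Link: <https://isp.example/terms>; rel="license", '
         b"</blocked>; rel=blocked-by\r\n\r\n")

TOKEN = r"[\w!#$%&*+.^|~-]+"
VALUE = r'(?:"([^"]*)"|([^\s";,]+))'           # quoted-string or bare token
PARAM_RE = re.compile(r";\s*(" + TOKEN + r")\s*(?:=\s*" + VALUE + r")?")
LINK_RE = re.compile(r"<([^>]*)>((?:\s*" + PARAM_RE.pattern + r")*)")

def parse_link(value):
    """Yield (target, params) for each link-value in one Link field value."""
    for m in LINK_RE.finditer(value):
        params = {}
        for name, quoted, bare in PARAM_RE.findall(m.group(2)):
            # Only the first occurrence of a parameter counts (RFC 8288).
            params.setdefault(name.lower(), quoted or bare)
        yield m.group(1), params

def blocked_by(raw):
    """Return (status, [URI references with rel=blocked-by]) for a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    targets = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "link":
            continue
        for target, params in parse_link(value):
            # rel may hold several space-separated relation types.
            if "blocked-by" in params.get("rel", "").lower().split():
                targets.append(target)
    return status, targets

def audit(raw):
    """Classify a response: 'not-451', 'ok', or 'missing-blocked-by'."""
    status, targets = blocked_by(raw)
    if status != 451:
        return "not-451"
    return "ok" if targets else "missing-blocked-by"
```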

Additional uses

The meaning of "a resource which cannot be served for legal reasons" has been interpreted to extend beyond government censorship:

Example

An American website not served to European users to avoid compliance with the General Data Protection Regulation.
    HTTP/1.1 451 Unavailable For Legal Reasons
    Link: <https://search.example.net/legal>; rel="blocked-by"
    Content-Type: text/html

    <html>
     <head><title>Unavailable For Legal Reasons</title></head>
     <body>
      <h1>Unavailable For Legal Reasons</h1>
      <p>This request may not be serviced in the Roman Province
      of Judea due to the Lex Julia Majestatis, which disallows
      access to resources hosted on servers deemed to be
      operated by the People's Front of Judea.</p>
     </body>
    </html>


References

  1. "Attorney General Shapiro, Governor Wolf, State Police Successfully Block Access to 3D Downloadable Guns in Pennsylvania" (Press release). Pennsylvania Office of Attorney General. 29 July 2018.
  2. Flood, Alison (22 June 2012). "Call for Ray Bradbury to be honoured with internet error message". The Guardian. Retrieved 22 June 2012.
  3. Ducklin, Paul (19 August 2013). "HTTP error code 451: 'Unavailable For Legal Reasons'". Naked Security. Sophos.
  4. Burgess, Matt (29 August 2018). "The tyranny of GDPR popups and the websites failing to adapt". WIRED. Retrieved 1 October 2018.
  5. "More than 1,000 U.S. News sites are still unavailable in Europe, two months after GDPR took effect". www.niemanlab.org.
  6. "Major US news sites are still blocking Europeans due to GDPR". Engadget. Retrieved 27 July 2023.
  7. Bray, Tim (February 2016). "451 Unavailable For Legal Reasons". An HTTP Status Code to Report Legal Obstacles. sec. 3. doi:10.17487/RFC7725. RFC 7725.
  8. "Cleanfeed". ORG Wiki. Open Rights Group. "If the request is for the blocked content then the proxy server will return a 404 error page to the customer"
  9. Arthur, Charles (8 December 2008). "How the IWF blacklist stops you seeing the Scorpions' album cover". Technology blog, The Guardian. "TCP Reset is sent back to the customer instead of content."
  10. Applegate, Chris (9 December 2008). "There is no HTTP code for censorship". qwghlm.co.uk. Archived from the original on 19 April 2021. Retrieved 23 December 2015.
  11. Byrne, Michael (21 December 2015). "The HTTP 451 Error Code for Censorship Is Now an Internet Standard". Vice. Retrieved 3 July 2020.
  12. Nottingham, Mark (18 December 2015). "Why 451?". mnot's blog. Retrieved 20 December 2015.
  13. Hayden, Sally (28 September 2017). From Our Own Correspondent (radio). BBC Radio 4.
  14. Bray, Tim (February 2016). "Identifying Blocking Entities". An HTTP Status Code to Report Legal Obstacles. sec. 4. doi:10.17487/RFC7725. RFC 7725.
  15. Bortzmeyer, Stéphane (11 November 2017). "RFC Errata Report". IETF Tools. Retrieved 3 December 2018.
