httpstatuses/contents/codes/511.md

---
set: 5
code: 511
title: Network Authentication Required
---

The 511 status code indicates that the client needs to authenticate to gain
network access.

The response representation SHOULD contain a link to a resource that allows the
user to submit credentials (e.g., with an HTML form).

Note that the 511 response SHOULD NOT contain a challenge or the login interface
itself, because browsers would show the login interface as being associated with
the originally requested URL, which may cause confusion.

The 511 status SHOULD NOT be generated by origin servers; it is intended for use
by intercepting proxies that are interposed as a means of controlling access to
the network.

Responses with the 511 status code MUST NOT be stored by a cache.

The 511 status code is designed to mitigate problems caused by "captive portals"
to software (especially non-browser agents) that is expecting a response from
the server that a request was made to, not the intervening network infrastructure.
It is not intended to encourage deployment of captive portals -- only to limit
the damage caused by them.

A network operator wishing to require some authentication, acceptance of terms,
or other user interaction before granting access usually does so by identifying
clients who have not done so ("unknown clients") using their Media Access
Control (MAC) addresses.

Unknown clients then have all traffic blocked, except for that on TCP port 80,
which is sent to an HTTP server (the "login server") dedicated to "logging in"
unknown clients, and of course traffic to the login server itself.

For example, a user agent might connect to a network and make the following HTTP
request on TCP port 80:

```
GET /index.htm HTTP/1.1
Host: www.example.com
```

Upon receiving such a request, the login server would generate a 511 response:

```
HTTP/1.1 511 Network Authentication Required
Content-Type: text/html

<html>
  <head>
     <title>Network Authentication Required</title>
     <meta http-equiv="refresh"
           content="0; url=https://login.example.net/">
  </head>
  <body>
     <p>You need to <a href="https://login.example.net/">
     authenticate with the local network</a> in order to gain
     access.</p>
  </body>
</html>
```

Here, the 511 status code assures that non-browser clients will not interpret
the response as being from the origin server, and the META HTML element
redirects the user agent to the login server.

Source: [RFC6585 Section 6][1]

[1]: <http://tools.ietf.org/html/rfc6585#section-6>
Adds missing status code files 2015-11-06 22:55:41 +01:00			`---`
			`set: 5`
			`code: 511`
			`title: Network Authentication Required`
			`---`

Adds 5xx class status codes with descriptions from latest standards 2015-11-07 06:05:36 +01:00			`The 511 status code indicates that the client needs to authenticate to gain`
			`network access.`

			`The response representation SHOULD contain a link to a resource that allows the`
			`user to submit credentials (e.g., with an HTML form).`

			`Note that the 511 response SHOULD NOT contain a challenge or the login interface`
			`itself, because browsers would show the login interface as being associated with`
			`the originally requested URL, which may cause confusion.`

			`The 511 status SHOULD NOT be generated by origin servers; it is intended for use`
			`by intercepting proxies that are interposed as a means of controlling access to`
			`the network.`

			`Responses with the 511 status code MUST NOT be stored by a cache.`

			`The 511 status code is designed to mitigate problems caused by "captive portals"`
			`to software (especially non-browser agents) that is expecting a response from`
			`the server that a request was made to, not the intervening network infrastructure.`
			`It is not intended to encourage deployment of captive portals -- only to limit`
			`the damage caused by them.`

			`A network operator wishing to require some authentication, acceptance of terms,`
			`or other user interaction before granting access usually does so by identifying`
			`clients who have not done so ("unknown clients") using their Media Access`
			`Control (MAC) addresses.`

			`Unknown clients then have all traffic blocked, except for that on TCP port 80,`
			`which is sent to an HTTP server (the "login server") dedicated to "logging in"`
			`unknown clients, and of course traffic to the login server itself.`

			`For example, a user agent might connect to a network and make the following HTTP`
			`request on TCP port 80:`

			```
			`GET /index.htm HTTP/1.1`
			`Host: www.example.com`
			```

			`Upon receiving such a request, the login server would generate a 511 response:`

			```
			`HTTP/1.1 511 Network Authentication Required`
			`Content-Type: text/html`

			`<html>`
			`<head>`
			`<title>Network Authentication Required</title>`
			`<meta http-equiv="refresh"`
			`content="0; url=https://login.example.net/">`
			`</head>`
			`<body>`
			`<p>You need to <a href="https://login.example.net/">`
			`authenticate with the local network</a> in order to gain`
			`access.</p>`
			`</body>`
			`</html>`
			```

			`Here, the 511 status code assures that non-browser clients will not interpret`
			`the response as being from the origin server, and the META HTML element`
			`redirects the user agent to the login server.`

			`Source: [RFC6585 Section 6][1]`

			`[1]: <http://tools.ietf.org/html/rfc6585#section-6>`