2015-11-06 22:55:41 +01:00
|
|
|
---
|
|
|
|
set: 5
|
|
|
|
code: 511
|
|
|
|
title: Network Authentication Required
|
2016-04-19 15:19:17 +02:00
|
|
|
references:
|
|
|
|
"Symfony HTTP Status Constant": "Response::HTTP_NETWORK_AUTHENTICATION_REQUIRED"
|
2015-11-06 22:55:41 +01:00
|
|
|
---
|
|
|
|
|
2015-11-09 02:54:09 +01:00
|
|
|
The client needs to authenticate to gain network access.
|
2015-11-07 06:05:36 +01:00
|
|
|
|
|
|
|
The response representation SHOULD contain a link to a resource that allows the
|
|
|
|
user to submit credentials (e.g., with an HTML form).
|
|
|
|
|
|
|
|
Note that the 511 response SHOULD NOT contain a challenge or the login interface
|
|
|
|
itself, because browsers would show the login interface as being associated with
|
|
|
|
the originally requested URL, which may cause confusion.
|
|
|
|
|
|
|
|
The 511 status SHOULD NOT be generated by origin servers; it is intended for use
|
|
|
|
by intercepting proxies that are interposed as a means of controlling access to
|
|
|
|
the network.
|
|
|
|
|
|
|
|
Responses with the 511 status code MUST NOT be stored by a cache.
|
|
|
|
|
|
|
|
The 511 status code is designed to mitigate problems caused by "captive portals"
|
|
|
|
to software (especially non-browser agents) that is expecting a response from
|
|
|
|
the server that a request was made to, not the intervening network infrastructure.
|
|
|
|
It is not intended to encourage deployment of captive portals -- only to limit
|
|
|
|
the damage caused by them.
|
|
|
|
|
|
|
|
A network operator wishing to require some authentication, acceptance of terms,
|
|
|
|
or other user interaction before granting access usually does so by identifying
|
|
|
|
clients who have not done so ("unknown clients") using their Media Access
|
|
|
|
Control (MAC) addresses.
|
|
|
|
|
|
|
|
Unknown clients then have all traffic blocked, except for that on TCP port 80,
|
|
|
|
which is sent to an HTTP server (the "login server") dedicated to "logging in"
|
|
|
|
unknown clients, and of course traffic to the login server itself.
|
|
|
|
|
|
|
|
For example, a user agent might connect to a network and make the following HTTP
|
|
|
|
request on TCP port 80:
|
|
|
|
|
|
|
|
```
|
|
|
|
GET /index.htm HTTP/1.1
|
|
|
|
Host: www.example.com
|
|
|
|
```
|
|
|
|
|
|
|
|
Upon receiving such a request, the login server would generate a 511 response:
|
|
|
|
|
|
|
|
```
|
|
|
|
HTTP/1.1 511 Network Authentication Required
|
|
|
|
Content-Type: text/html
|
|
|
|
|
|
|
|
<html>
|
|
|
|
<head>
|
2015-11-09 20:01:11 +01:00
|
|
|
<title>Network Authentication Required</title>
|
|
|
|
<meta http-equiv="refresh" content="0; url=https://login.example.net/">
|
2015-11-07 06:05:36 +01:00
|
|
|
</head>
|
|
|
|
<body>
|
2015-11-09 20:01:11 +01:00
|
|
|
<p>You need to <a href="https://login.example.net/">
|
|
|
|
authenticate with the local network</a> in order to gain
|
|
|
|
access.</p>
|
2015-11-07 06:05:36 +01:00
|
|
|
</body>
|
|
|
|
</html>
|
|
|
|
```
|
|
|
|
|
|
|
|
Here, the 511 status code assures that non-browser clients will not interpret
|
|
|
|
the response as being from the origin server, and the META HTML element
|
|
|
|
redirects the user agent to the login server.
|
|
|
|
|
2015-11-09 02:54:09 +01:00
|
|
|
---
|
|
|
|
|
|
|
|
* Source: [RFC6585 Section 6][1]
|
2015-11-07 06:05:36 +01:00
|
|
|
|
2016-04-19 15:19:17 +02:00
|
|
|
[1]: <http://tools.ietf.org/html/rfc6585#section-6>
|