Seems like a good idea, but the wrong way to achieve it. The right way, as I understand it, would be to write it up as an RFC and submit it to the IETF; and to contribute code for it to some of the popular web servers (apache, nginx, etc). The site doesn't make any mention of either of those things.
I once worked somewhere where some resources could not be displayed to all clients. We chose to (ab)use HTTP 409 Conflict.
> 10.4.10 409 Conflict
> The request could not be completed due to a conflict with the current state of the resource. This code is only allowed in situations where it is expected that the user might be able to resolve the conflict and resubmit the request. The response body SHOULD include enough
> information for the user to recognize the source of the conflict. Ideally, the response entity would include enough information for the user or user agent to fix the problem; however, that might not be possible and is not required.
> Conflicts are most likely to occur in response to a PUT request. For example, if versioning were being used and the entity being PUT included changes to a resource which conflict with those made by an earlier (third-party) request, the server might use the 409 response to indicate that it can't complete the request. In this case, the response entity would likely contain a list of the differences between the two versions in a format defined by the response Content-Type.
"As a web user I want our ISPs/governments to give us a nice error page so we understand what is going on when they DNS block or seize websites"
Or is it saying:
"As a web-master, when have to take down content due to legal proceedings I want a nice HTTP code to return"
They give example of the first (Virgin Media), but that takes down an entire domain, so it's kind of irrelevant if the correct HTTP code is returned, it's not like that is going to be resolved quickly. 503 would be the correct code here.
The second might be useful to spiders (who might want to back-off spidering so often for a while), but then wouldn't you just want to show your users a 404 with a nice reason why the content has gone.
I'm also surprised (this Error Code was first mentioned, as far as I know, when Ray Bradbury died)… but I like the subtle Element of not Mentioning it.
Surely this should be within the 5xx range of status codes? I get there's a reference to be had using 451 but this is more of a server error than client.
Usually, 5xx means that the client could retry the request at a later time, and have it succeed. 4xx means the client should expect the request to fail forever unless something is changed.
Some HTTP clients (not browsers, but other things) take advantage of this by showing the user an error dialog on a 4xx error, but just retry at a later time on a 5xx error.
Well, the cool thing about HTTP error codes is that you don't need a campaign or get permission from the W3C, you can just start using them if you want.
Honestly, people who believe in this strongly enough should just start using them and provide themselves as examples of good use cases. That doesn't mean it shouldn't be campaigned for to get more people to use it.
There is a lot of discussion below on whether 451 is the right error code and how to implement it properly, but I'm missing one thing - what's the benefit of doing it as a status code at all?
If you're going to say that it raises censorship awareness - Internet protocols are intended as useful technical standards for programs to communicate, not vehicles for political goals.
What is the technical benefit of failing with a different error code? Is there need for client software to react differently to a 451 and a 403? The status code is not intended for the human user. If we want to raise awareness, than we already have means to do that - a 403 with a descriptive page citing the reasons. Many websites already do that when complying to DMCA takedowns.
Still, imho, 4XX could be a response for a given URL, but when "a website is blocked" (from the text of the previous URL), we should go to 5XX, as in 503 - service unavailable.
In this form I totally agree. Reason being that by haveing a block at the web server level in essence places the blocking to be done by the hosting site and blocking based upon location and content. This places the onus of censorship upon the host, which they can already code for if they want.
Not sure placeing the onus of censorship into the hands of the host and not the goverment with there IP/DNS blocks or however they impose such blocks (China has a nice firewall for outside China sites and I dare to think of how they block a website inside China though can bet it is just as effective).
That all said the posiblility to volantarly do the blocking in a way that the powers that be will accept and with that allow there country's owners to see parts of yoru site that are legal and not the illegal parts for them. Well that would possibily have uses and opens your site up still instead of a blanket ban.
Piratebay has legal torrents, yet they are blocked as some form of descrimnation blanket ban. So it does have it's possibilities, albiet a dangerous path that should not be tread lightly.
Is this really necessary? How about 456 - unavailable because someone spilled coffee on our backend server? Or 467 - unavailable because garden gnomes invaded our offices?
I can see some reasoning behind this, but the reasoning is that the emphasis of the problem is "people are angry at the site because something is blocked so let's show an error code reflecting the real reason." Using 451 would take the emphasis away from the site and onto the legal oppressor.
On the other hand, why not inverse all inaccessible content to legal oppressors? Change the default meaning of 403 for example to "Access denied for permissive or legal reasons".
Change the default meaning of 403? I don't think that's a good idea. When a user needs to be logged in to do something and they aren't, you show them 403. When access is restricted to people outside a network, they see 403. It'll be hard to force a new behaviour onto the existing web, easier to add a new HTTP code.
Yet it is, because the courts have a different opinion on this, and they decide what happens. So it's better to make it clear to the end user when it happens, so at least they are not kept in the dark, or are basically lied to, about the reason why they cannot see the document.
If the 451 code is returned by the web server because the site got a DMCA request, then HTTPS doesn't matter because the destination web server already decrypted the session to find the request that you're making before returning the code.
[+] [-] vilya|12 years ago|reply
Edit: oops, I was wrong. There is an RFC and it's linked from http://www.451unavailable.org/what-is-error-451/
[+] [-] orenbarzilai|12 years ago|reply
[+] [-] diminish|12 years ago|reply
[+] [-] merlincorey|12 years ago|reply
> 10.4.10 409 Conflict
> The request could not be completed due to a conflict with the current state of the resource. This code is only allowed in situations where it is expected that the user might be able to resolve the conflict and resubmit the request. The response body SHOULD include enough
> information for the user to recognize the source of the conflict. Ideally, the response entity would include enough information for the user or user agent to fix the problem; however, that might not be possible and is not required.
> Conflicts are most likely to occur in response to a PUT request. For example, if versioning were being used and the entity being PUT included changes to a resource which conflict with those made by an earlier (third-party) request, the server might use the 409 response to indicate that it can't complete the request. In this case, the response entity would likely contain a list of the differences between the two versions in a format defined by the response Content-Type.
[+] [-] edent|12 years ago|reply
My blog post which helped inspire it http://shkspr.mobi/blog/2012/06/there-is-no-http-code-for-ce...
Simultaneously glad and disgusted that there is a campaign around this.
[+] [-] chrisfarms|12 years ago|reply
"As a web user I want our ISPs/governments to give us a nice error page so we understand what is going on when they DNS block or seize websites"
Or is it saying:
"As a web-master, when have to take down content due to legal proceedings I want a nice HTTP code to return"
They give example of the first (Virgin Media), but that takes down an entire domain, so it's kind of irrelevant if the correct HTTP code is returned, it's not like that is going to be resolved quickly. 503 would be the correct code here.
The second might be useful to spiders (who might want to back-off spidering so often for a while), but then wouldn't you just want to show your users a 404 with a nice reason why the content has gone.
[+] [-] nwh|12 years ago|reply
[+] [-] marcosdumay|12 years ago|reply
> but then wouldn't you just want to show your users a 404 with a nice reason why the content has gone.
A 451 with a nice reason why the content was gone is better.
[+] [-] yxhuvud|12 years ago|reply
http://tools.ietf.org/html/draft-tbray-http-legally-restrict...
[+] [-] jvdh|12 years ago|reply
This is a very good way to make people aware of legal blocking, and to make sure that it is adopted.
[+] [-] DharmaSoldat|12 years ago|reply
Allow me to be the first.
Thankfully websites are not flammable.
[+] [-] unethical_ban|12 years ago|reply
[+] [-] walt74|12 years ago|reply
[+] [-] mcv|12 years ago|reply
Somehow seems fitting.
[+] [-] corobo|12 years ago|reply
[+] [-] dlitz|12 years ago|reply
Usually, 5xx means that the client could retry the request at a later time, and have it succeed. 4xx means the client should expect the request to fail forever unless something is changed.
Some HTTP clients (not browsers, but other things) take advantage of this by showing the user an error dialog on a 4xx error, but just retry at a later time on a 5xx error.
[+] [-] maaaats|12 years ago|reply
[+] [-] nailer|12 years ago|reply
- 4xx isn't appropriate as it's not a client error. - 5xx isn't appropriate because it's not a server error either.
[+] [-] venus|12 years ago|reply
[+] [-] nathan_long|12 years ago|reply
The issue is whether anyone else will expect this tag or code and do anything meaningful with it.
[+] [-] saraid216|12 years ago|reply
[+] [-] krajzeg|12 years ago|reply
If you're going to say that it raises censorship awareness - Internet protocols are intended as useful technical standards for programs to communicate, not vehicles for political goals.
What is the technical benefit of failing with a different error code? Is there need for client software to react differently to a 451 and a 403? The status code is not intended for the human user. If we want to raise awareness, than we already have means to do that - a 403 with a descriptive page citing the reasons. Many websites already do that when complying to DMCA takedowns.
[+] [-] eatitraw|12 years ago|reply
curl -I http://lurkmore.to/Конопля
[+] [-] saraid216|12 years ago|reply
[+] [-] nawitus|12 years ago|reply
[+] [-] txutxu|12 years ago|reply
Still, imho, 4XX could be a response for a given URL, but when "a website is blocked" (from the text of the previous URL), we should go to 5XX, as in 503 - service unavailable.
[+] [-] jvdh|12 years ago|reply
Messages to their volunteer address get a vacation message that they're away until September 1st.
[+] [-] nilved|12 years ago|reply
[+] [-] Zenst|12 years ago|reply
Not sure placeing the onus of censorship into the hands of the host and not the goverment with there IP/DNS blocks or however they impose such blocks (China has a nice firewall for outside China sites and I dare to think of how they block a website inside China though can bet it is just as effective).
That all said the posiblility to volantarly do the blocking in a way that the powers that be will accept and with that allow there country's owners to see parts of yoru site that are legal and not the illegal parts for them. Well that would possibily have uses and opens your site up still instead of a blanket ban.
[+] [-] alexchamberlain|12 years ago|reply
[+] [-] mrab|12 years ago|reply
[+] [-] javindo|12 years ago|reply
On the other hand, why not inverse all inaccessible content to legal oppressors? Change the default meaning of 403 for example to "Access denied for permissive or legal reasons".
[+] [-] daveid|12 years ago|reply
[+] [-] p_papageorgiou|12 years ago|reply
[+] [-] lsh|12 years ago|reply
I agree with your sentiment though - the internet _should_ be free.
[+] [-] nextw33k|12 years ago|reply
Content shouldn't be blocked, the Internet should be free and open. However without letting people know what's happening they will not complain.
Of course what the browser should display is:
451: The Right Honourable Claire Perry MP has deemed that you shouldn't be able to look at this site.
[+] [-] gpvos|12 years ago|reply
[+] [-] r00fus|12 years ago|reply
And the distance between them is measured as response code 451
[+] [-] taopao|12 years ago|reply
[+] [-] dlitz|12 years ago|reply
[+] [-] Osiris|12 years ago|reply