in reply to Need to respond with a 403 status code?

What I'm trying to do is create an error reply to a POST request from a spam bot, or actual browser user who makes certain fatal errors.
So far you are sending a status header, but how to react to that is totally up to the client. A spam bot surely will not be impressed, it will just *shrug* at it, if at all... for humans you have to pass some meaningful content in the html body along with that code.

From RFC 2616 Hypertext Transfer Protocol -- HTTP/1.1:

10.4.4 403 Forbidden

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.

So, status 403 is just a hint to the client, and passing any meaningful information is up to you.

--shmem

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

Re^2: Need to respond with a 403 status code?
by jhourcle (Prior) on Apr 20, 2007 at 00:34 UTC

    And, to confuse things further -- you need to send a large enough response. (MS knowledgebase #294807 ... which I'd link to, but they'll make you authenticate and such)

    Internet Explorer 5 and after will display a 'friendly' error message, which basically ignores the message sent, and just keys off of the error code -- if the message body is less than 512 bytes.

    So, make sure that your error messages are large enough, so that they actually get displayed.

      THANKS to all who have so kindly replied!

      I've ended up with the following, which shows fine in IE 6, even though it's somewhat short:

          use strict;
          use warnings;
          use CGI;

          # Send the 403 status line together with a short HTML error page.
          my $query = CGI->new;
          print $query->header(-type => 'text/html', -status => '403 Forbidden');
          print $query->start_html('Access Forbidden!');
          print $query->h1('Access Forbidden!');
          print $query->p("Access to this resource is forbidden.");
          print $query->h2('Error 403');
          print $query->end_html();


      As I have NO idea of exactly where to find the default one from Apache on my host, and I may not have access to it via FTP anyway, this will have to do...
      So, make sure that your error messages are large enough, so that they actually get displayed.
      No.
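
An added example, not code from any poster in this thread: a plain-Perl CGI reply that sends the 403 status with an HTML body, pads the body past the 512-byte figure quoted above so that a browser's 'friendly' error page does not replace it, and returns headers only for a HEAD request, as the RFC text implies. The function names, the page wording and the ASCII-only reason text are assumptions.

```perl
#!/usr/bin/perl
# Added example: 403 CGI response with a body padded past the 512-byte
# figure quoted in the thread. All names here are illustrative.
use strict;
use warnings;

my $MIN_BODY = 512;    # threshold as quoted in the thread (assumption)

# Escape text before placing it inside HTML.
sub escape_html {
    my ($text) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $text =~ s/([&<>"])/$ent{$1}/g;
    return $text;
}

# Returns the complete CGI response (headers plus body) as one string.
# $reason is optional: leave it out to avoid telling the client why.
sub forbidden_response {
    my ($method, $reason) = @_;
    my $body = "<html><head><title>Access Forbidden</title></head><body>\n"
             . "<h1>Access Forbidden</h1>\n<h2>Error 403</h2>\n";
    $body .= '<p>' . escape_html($reason) . "</p>\n" if defined $reason;
    $body .= "</body></html>\n";

    # Pad with an HTML comment so the body exceeds the threshold.
    my $short = $MIN_BODY + 1 - length $body;
    $body .= '<!-- ' . ('.' x $short) . " -->\n" if $short > 0;

    my $head = "Status: 403 Forbidden\r\n"
             . "Content-Type: text/html; charset=ISO-8859-1\r\n"
             . 'Content-Length: ' . length($body) . "\r\n\r\n";

    # A HEAD request gets the headers only.
    return uc($method) eq 'HEAD' ? $head : $head . $body;
}

binmode STDOUT;    # keep the CRLF header endings untouched
print forbidden_response($ENV{REQUEST_METHOD} || 'GET',
                         'Access to this resource is forbidden.');
```

The padding is an HTML comment, so it is invisible to a human reader but still counts toward the body size.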