W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2008

Re: 503, 403 & Retry-After: enforcing a limit on the number of requests allowed

From: Henrik Nordström <henrik@henriknordstrom.net>
Date: Fri, 08 Feb 2008 16:18:17 +0100
To: Hugo Haas <hugo@yahoo-inc.com>
Cc: ietf-http-wg@w3.org
Message-Id: <1202483897.2873.6.camel@hlaptop>
ons 2008-02-06 klockan 11:04 -0800 skrev Hugo Haas:

> 503 ("The server is currently unable to handle the request due to a 
> temporary overloading or maintenance of the server.") is tempting 
> because of the Retry-After header: the server can tell the client to try 
> again in 40 seconds. However, the server has not really failed to 
> process the request, it *chose* not to process it, because the client 
> did something it should not have done.

Well, the request was correctly formed and only rejected because of the
preference of the server to not process that request at the moment so
5xx is the proper family to select from I think. The client do not need
to change the request in any manner to complete the request, just wait
and try again when the server condition have cleared.

and 503 is the closest among the defined ones as you point out.

Additionally the specs do not define how a server is to define
"overload", and imho a client sending more than the allocated share of
requests/s pretty well qualifies as the client has overloaded it's share
of the server resources.

403 is not suitable as it's a permanent error saying you are not allowed
to perform this action on the requested resource under any conditions.
Pointless to retry.

Regards
Henrik

Received on Friday, 8 February 2008 15:19:10 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:36 GMT