W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2012

Re: New Version Notification for draft-tbray-http-legally-restricted-status-00.txt

From: Willy Tarreau <w@1wt.eu>
Date: Thu, 14 Jun 2012 07:44:07 +0200
To: Mark Nottingham <mnot@mnot.net>
Cc: Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org
Message-ID: <20120614054407.GC26590@1wt.eu>
Hi Mark,

On Thu, Jun 14, 2012 at 10:25:58AM +1000, Mark Nottingham wrote:
> On 14/06/2012, at 9:23 AM, Amos Jeffries wrote:
> > Would these types of differentiation between reasons for rejection be a
> > good case for Warning: codes on a 403 response?
> > 
> > ie
> > Warning: ... Legal Restriction
> > Warning: ... Local administrative policy
> > Warning: ... Authentication failed too many times. Your account is now closed
> > ...
> > 
> > The body of 403 can as easily contain the legal disclaimer text as any other 4xx code.
> 
> So, again -- what's the use case for a machine consuming these? I haven't
> seen one yet, unless I've missed something.

The only one I can think of is logging/accounting. Reporting to the user
"Accessing this content is illegal, this access has been logged" is for
the body, but having the user-facing proxy being able to log to a separate
file when such an event happens can probably make sense.

It reminds me an event which happened to a customer around 10 years ago,
which was a public administration. Some people noticed that one of their
offices was easy to open from the outside. And we discovered in their
proxy's logs that during the week-end, some people were coming there to
download and watch x-movies, probably because the internet access was
well sized for this, despite some filtering on the way. With automated
logging into a separate file, the local admin could have noticed the
event much earlier, because surely a number of attempts had failed.

I'm not saying this is the solution to improper log analysis, but it
shows one use case of machine-readable code.

BTW I like Amos' proposal much more than just a separate code. I was
wondering how many new codes we'd have if we created a new code for
this, and having a large set of possible warnings with the usual 403
seems a lot better to me.

Cheers,
Willy
Received on Thursday, 14 June 2012 05:44:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 14 June 2012 05:45:05 GMT