Re: HTTP status code for "access blocked to protect you against malware/phishing/etc"?

Hi Stephane,

451 was standardised because we found a plausible use case for automated consumption of the status code, and folks were were interested in implementing. I don't see that here yet.

Additionally, there was a general wariness of having a status code for every possible kind of problem that might be encountered; we'd quickly exhaust the status code space if we did so. 

So, if there is such a use case, we should examine satisfying it with the response body and/or a header first.

Cheers,


> On 20 Nov 2017, at 10:37 pm, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
> 
> We have 451 for "unavailable for legal reasons" but I find
> <https://www.iana.org/assignments/http-status-codes/http-status-codes.xml>
> no code for "Unavailable because we have blocked access to this
> malware/phishing/bad site".  Since there are many network middleboxes
> which do this sort of blocking, would it be a good idea to have a
> specific status code?
> 
> The only draft I've found about this specific idea is
> <https://datatracker.ietf.org/doc/draft-lemon-tls-blocking-alert/>,
> but it is TLS-specific.
> 

--
Mark Nottingham   https://www.mnot.net/

Received on Tuesday, 21 November 2017 00:12:22 UTC