|Security access control methods|
In computer networking, HTTP 451 Unavailable For Legal Reasons is an error status code of the HTTP protocol to be displayed when the user requests a resource which cannot be served for legal reasons, such as a web page censored by a government. The number 451 is a reference to Ray Bradbury's 1953 dystopian novel Fahrenheit 451, in which books are outlawed. 451 intends to provide more information than 403 Forbidden, which is often used for the same purpose. This status code is standardized in RFC 7725.
Examples of situations where an HTTP 451 error code could be displayed include web pages deemed a danger to national security, or web pages deemed to violate copyright, privacy, blasphemy laws, or any other law or court order.
The RFC is specific that a 451 response does not indicate whether the resource exists but requests for it have been blocked, if the resource has been removed for legal reasons and no longer exists, or even if the resource has never existed, but any discussion of its topic has been legally forbidden (see superinjunction). Some sites have previously returned HTTP 404 (Not Found) or similar if they are not legally permitted to disclose that the resource has been removed. Such a tactic is used in the United Kingdom by some Internet service providers utilising the Internet Watch Foundation blacklist, returning a 404 message or another error message instead of showing a message indicating the site is blocked.
The status code was formally proposed in 2013 by Tim Bray, following earlier informal proposals by Chris Applegate in 2008 and Terence Eden in 2012. It was approved by the IESG on December 18, 2015. It was published as RFC 7725 in February 2016.
HTTP 451 was mentioned by the BBC's From Our Own Correspondent program, as an indication of the effects of sanctions on Sudan and the inability to access Airbnb, iOS's App Store, or other Western web services.
After introduction of the GDPR in European Economic Area (EEA) many[which?][clarification needed] websites located outside EEA started to serve HTTP 451 instead of trying to comply with this new privacy law.
When an entity intercepts the request and returns status 451, it should include a "Link" HTTP header field whose value is a URI reference identifying itself. The "Link" header field must then have a "rel" parameter whose value is "blocked-by". This is intended to identify the entity implementing the blocking (an ISP, DNS provider, caching system, etc.), not the legal authority mandating the block. At an IETF hackathon, participants used a web crawler to discover that several implementations misunderstood this header and gave the legal authority instead.
HTTP/1.1 451 Unavailable For Legal Reasons Link: <https://search.example.net/legal>; rel="blocked-by" Content-Type: text/html <html> <head><title>Unavailable For Legal Reasons</title></head> <body> <h1>Unavailable For Legal Reasons</h1> <p>This request may not be serviced in the Roman Province of Judea due to the Lex Julia Majestatis, which disallows access to resources hosted on servers deemed to be operated by the People's Front of Judea.</p> </body> </html>
- "Attorney General Shapiro, Governor Wolf, State Police Successfully Block Access to 3D Downloadable Guns in Pennsylvania" (Press release). Pennsylvania Office of Attorney General. July 29, 2018.
- Flood, Alison (June 22, 2012). "Call for Ray Bradbury to be honoured with internet error message". The Guardian. Retrieved June 22, 2012.
- Ducklin, Paul (August 19, 2013). "HTTP error code 451: "Unavailable For Legal Reasons"". Naked Security. Sophos.
- Bray, Tim (February 2016). "451 Unavailable For Legal Reasons". An HTTP Status Code to Report Legal Obstacles. sec. 3. doi:10.17487/RFC7725. RFC 7725.
- "Cleanfeed". ORG Wiki. Open Rights Group.
If the request is for the blocked content then the proxy server will return a 404 error page to the customer
- Arthur, Charles (December 8, 2008). "How the IWF blacklist stops you seeing the Scorpions' album cover". Technology blog, The Guardian.
TCP Reset is sent back to the customer instead of content.
- Applegate, Chris (December 9, 2008). "There is no HTTP code for censorship". qwghlm.co.uk. Retrieved December 23, 2015.
- Byrne, Michael (21 December 2015). "The HTTP 451 Error Code for Censorship Is Now an Internet Standard". Vice. Retrieved 2020-07-03.
- Nottingham, Mark (December 18, 2015). "Why 451?". mnot’s blog. Retrieved December 20, 2015.
- Sally Hayden (28 September 2017). From Our Own Correspondent (radio). BBC Radio 4.
- Matt Burgess (2018-08-29). "The tyranny of GDPR popups and the websites failing to adapt". WIRED. Retrieved 2018-10-01.
- Bray, Tim (February 2016). "Identifying Blocking Entities". An HTTP Status Code to Report Legal Obstacles. sec. 4. doi:10.17487/RFC7725. RFC 7725.
- Stéphane Bortzmeyer (11 November 2017). "RFC Errata Report". IETF Tools. Retrieved 2018-12-03.