
Campaign for a new HTTP Error code: 451 - Blocked for legal reasons - JayEnn
http://www.451unavailable.org/
======
vilya
Seems like a good idea, but the wrong way to achieve it. The right way, as I
understand it, would be to write it up as an RFC and submit it to the IETF;
and to contribute code for it to some of the popular web servers (apache,
nginx, etc). The site doesn't make any mention of either of those things.

Edit: oops, I was wrong. There is an RFC and it's linked from
[http://www.451unavailable.org/what-is-
error-451/](http://www.451unavailable.org/what-is-error-451/)

~~~
orenbarzilai
Since the sites blocked on ISP level code contribution to apache/nginx or
other web servers is irrelevant.

~~~
drdaeman
Disclaimer: I work for an ISP and every ISP in Russia is legally required to
do the censorship (and mirror all traffic to FSB black boxes, but that's
another story). I'm not partucilarly happy with the situation, but can't do
anything about that.

Nginx is totally relevant as many ISPs including our use GNU/Linux boxes
running Nginx as a highly performant transparent proxy (there are TPROXY
patches for Nginx) to dive into HTTP traffic and do URL filtering (obviously,
after initial crude IP-based filtering). Costs less than those fancy Cisco
solutions, and it's not like we're willing to spend additional money on
something that downgrades the service.

Also, there are cases where actual sites are legally forced to remove
resources. Well, not really forced, but it's just a sort request too many
sites can't really decline. You either comply and remove a single page
(blocking for Russian visitors only seems sufficient), or get blocked on ISP
level and since many ISPs (including several giant ones) just blacklist a
whole IP address, that means your site becomes completely unavailable.

~~~
kintamanimatt
> I work for an ISP and every ISP in Russia is legally required to do the
> censorship (and mirror all traffic to FSB black boxes, but that's another
> story).

I hate the censorship but I like the fact you're not gagged and can talk about
the fact traffic is being mirrored.

~~~
gngeal
OR, he's not allowed to, and he's doing it anyway.

~~~
drdaeman
Nope, it's codified in the law, in a legalese, but right in the open.

The sad thing is, practically nobody cared about that, for years. The
dissatisfaction became visible only when government granted themselves an
ability not only sniff on others communications (which is obviously invisible
to end user) but also actively censor them.

------
merlincorey
I once worked somewhere where some resources could not be displayed to all
clients. We chose to (ab)use HTTP 409 Conflict.

> 10.4.10 409 Conflict

> The request could not be completed due to a conflict with the current state
> of the resource. This code is only allowed in situations where it is
> expected that the user might be able to resolve the conflict and resubmit
> the request. The response body SHOULD include enough

> information for the user to recognize the source of the conflict. Ideally,
> the response entity would include enough information for the user or user
> agent to fix the problem; however, that might not be possible and is not
> required.

> Conflicts are most likely to occur in response to a PUT request. For
> example, if versioning were being used and the entity being PUT included
> changes to a resource which conflict with those made by an earlier (third-
> party) request, the server might use the 409 response to indicate that it
> can't complete the request. In this case, the response entity would likely
> contain a list of the differences between the two versions in a format
> defined by the response Content-Type.

------
edent
Discussion on HN from when the IETF Draft was created
[https://news.ycombinator.com/item?id=4099751](https://news.ycombinator.com/item?id=4099751)

My blog post which helped inspire it [http://shkspr.mobi/blog/2012/06/there-
is-no-http-code-for-ce...](http://shkspr.mobi/blog/2012/06/there-is-no-http-
code-for-censorship-but-perhaps-there-should-be/)

Simultaneously glad and disgusted that there is a campaign around this.

------
chrisfarms
Is this saying:

"As a web user I want our ISPs/governments to give us a nice error page so we
understand what is going on when they DNS block or seize websites"

Or is it saying:

"As a web-master, when have to take down content due to legal proceedings I
want a nice HTTP code to return"

They give example of the first (Virgin Media), but that takes down an entire
domain, so it's kind of irrelevant if the correct HTTP code is returned, it's
not like that is going to be resolved quickly. 503 would be the correct code
here.

The second might be useful to spiders (who might want to back-off spidering so
often for a while), but then wouldn't you just want to show your users a 404
with a nice reason why the content has gone.

~~~
nwh
I understood it as the latter. Something that a webmaster can display to show
a DMCA or geographical legal issue.

------
yxhuvud
I don't get it? There are already drafts for it, which were created close in
time to when Bradbury died.

[http://tools.ietf.org/html/draft-tbray-http-legally-
restrict...](http://tools.ietf.org/html/draft-tbray-http-legally-restricted-
status-00)

~~~
jvdh
A draft is not an implementation. And an implementation in browsers is not an
implementation in providers or webservers.

This is a very good way to make people aware of legal blocking, and to make
sure that it is adopted.

------
DharmaSoldat
Surprised no one has made any reference to Farenheit 451.

Allow me to be the first.

Thankfully websites are not flammable.

~~~
unethical_ban
The error code for censorship is the reference. I guess not everyone would
recognize that, but I immediately noticed.

------
mcv
For some reason, this article is blocked from my work due to proxy avoidance.

Somehow seems fitting.

------
corobo
Surely this should be within the 5xx range of status codes? I get there's a
reference to be had using 451 but this is more of a server error than client.

~~~
maaaats
Is the 451 a reference to something?

~~~
jvdh
Yes, Fahrenheit 451 by Ray Bradbury.

A dystopian novel about a world where all books are banned and fire squads
roam around to burn them.

------
venus
Well, the cool thing about HTTP error codes is that you don't need a campaign
or get permission from the W3C, you can just start using them if you want.

~~~
nathan_long
Yes, but that's true of other standards. Eg, I can start putting <haiku> tags
in my HTML if I want.

The issue is whether anyone else will expect this tag or code and do anything
meaningful with it.

~~~
ToastyMallows
I get what you mean but I don't think this is the same thing. HTML has a DTD,
something that people conform to when writing, so your <haiku> tag would not
follow that guideline, whereas companies like Twitter can implement their own
error codes as they see fit. See error code 420, Enhance Your Calm.[0]

[0]:
[https://en.wikipedia.org/wiki/List_of_HTTP_status_codes](https://en.wikipedia.org/wiki/List_of_HTTP_status_codes)

~~~
kijeda
Well, sure, just like I can create my invented domain name like hacker.news
and use my own IP addresse 1.2.3.4 without being allocated them. The Internet
interoperates by everyone agreeing to follow the same agreed conventions, but
there is no rule that says you have to. The registry for HTTP status codes has
no 420 code and could be assigned for a different purpose in the future:
[http://www.iana.org/assignments/http-status-
codes](http://www.iana.org/assignments/http-status-codes)

------
krajzeg
There is a lot of discussion below on whether 451 is the right error code and
how to implement it properly, but I'm missing one thing - what's the benefit
of doing it as a status code at all?

If you're going to say that it raises censorship awareness - Internet
protocols are intended as useful technical standards for programs to
communicate, not vehicles for political goals.

What is the _technical_ benefit of failing with a different error code? Is
there need for client software to react differently to a 451 and a 403? The
status code is not intended for the human user. If we want to raise awareness,
than we already have means to do that - a 403 with a descriptive page citing
the reasons. Many websites already do that when complying to DMCA takedowns.

------
eatitraw
Some sites in Russia actually return 451:

curl -I [http://lurkmore.to/Конопля](http://lurkmore.to/Конопля)

~~~
saraid216
I have no idea what this is or what 451 means in this context, but I'm
upvoting this as a legitimate technical reason not to use 451.

------
nawitus
Technically speaking 403 can be returned if it's blocked for legal reasons,
but obviously it would be nice to know why it is forbidden.

~~~
txutxu
There is some reasoning about this on: [http://www.451unavailable.org/why-do-
we-need-error-451](http://www.451unavailable.org/why-do-we-need-error-451)

Still, imho, 4XX could be a response for a given URL, but when "a website is
blocked" (from the text of the previous URL), we should go to 5XX, as in 503 -
service unavailable.

~~~
eli
5xx does not really make sense for a single page removed due to DMCA.

~~~
txutxu
Yes, I don't know if two codes (one for URL and one for the entire site) could
make sense in this case.

------
jvdh
I bet you they are really happy you submitted this smack in the middle of the
holiday of their main employee/volunteer :-).

Messages to their volunteer address get a vacation message that they're away
until September 1st.

------
nilved
We should absolutely not be standardizing censorship.

~~~
Zenst
In this form I totally agree. Reason being that by haveing a block at the web
server level in essence places the blocking to be done by the hosting site and
blocking based upon location and content. This places the onus of censorship
upon the host, which they can already code for if they want.

Not sure placeing the onus of censorship into the hands of the host and not
the goverment with there IP/DNS blocks or however they impose such blocks
(China has a nice firewall for outside China sites and I dare to think of how
they block a website inside China though can bet it is just as effective).

That all said the posiblility to volantarly do the blocking in a way that the
powers that be will accept and with that allow there country's owners to see
parts of yoru site that are legal and not the illegal parts for them. Well
that would possibily have uses and opens your site up still instead of a
blanket ban.

    
    
      Piratebay has legal torrents, yet they are blocked as some form of descrimnation blanket ban.  So it does have it's possibilities, albiet a dangerous path that should not be tread lightly.

------
alexchamberlain
I got Access Denied at work...

------
mrab
Is this really necessary? How about 456 - unavailable because someone spilled
coffee on our backend server? Or 467 - unavailable because garden gnomes
invaded our offices?

------
javindo
I can see some reasoning behind this, but the reasoning is that the emphasis
of the problem is "people are angry at the site because something is blocked
so let's show an error code reflecting the real reason." Using 451 would take
the emphasis away from the site and onto the legal oppressor.

On the other hand, why not inverse all inaccessible content to legal
oppressors? Change the default meaning of 403 for example to "Access denied
for permissive or legal reasons".

~~~
daveid
Change the default meaning of 403? I don't think that's a good idea. When a
user needs to be logged in to do something and they aren't, you show them 403.
When access is restricted to people outside a network, they see 403. It'll be
hard to force a new behaviour onto the existing web, easier to add a new HTTP
code.

~~~
RyanMcGreal
My understanding is that the server should respond with 401 Unauthorized when
someone is attempting to access a resource that requires authentication. What
is the case for using 403 instead?

~~~
daveid
OK, 401 makes more sense in that context. But another 403 case would be "the
authorized user lacks permission to open resource."

------
p_papageorgiou
The whole point of this is wrong... The internet is free, content shouldn't be
blocked for legal reasons

~~~
nextw33k
The whole point of this is right, its highlighting the government breaking the
Internet.

Content shouldn't be blocked, the Internet should be free and open. However
without letting people know what's happening they will not complain.

Of course what the browser should display is:

451: The Right Honourable Claire Perry MP has deemed that you shouldn't be
able to look at this site.

~~~
p_papageorgiou
I have no clue about US politics but this sounds cool!

~~~
alan_cx
In case you didn't know, MP Clair Perry is a British Member of Parliament,
sadly. She is one of those people who know better, than us "plebs".

IMHO, she is ignorant(1) and irrational(1), and there for scared witless of
the internet, so she seeks to control it. I don't think she knows how wrong
she is, there for I don't see her as evil, as such. However, it does seem our
vote whore of a Prime Minister listens to her every word, hence the attempts
to block porn and make people opt in to avoid the blocks, since her position
ties in to an awful lot of right wing voters, who are equally, if not more,
ignorant and irrational. They are the kind of people who genuinely believed
Rock and Roll was the work of the devil, and that black people are a different
species.

(1)I use these words for their real meaning and not the insult, judgement, or
political value. I honestly think many people literally do not understand the
technical issues, and act illogically as a result. I believe this is a lot to
do with the traditional media, who politicians rely on, issuing scare stories
about the internet because their business were and still are threatened by it.
My "evil" in this is those who spread the lies, ie, the media. I hate to admit
this, but in many ways I see the likes of Clair Perry as well intentioned
victims and mules of the media.

------
taopao
452 Blocked for reasons which may or may not be legal but I probably shouldn't
say either way

------
dlitz
How does this interact with the effort to encourage the use of HTTPS
everywhere?

~~~
Osiris
If the 451 code is returned by the web server because the site got a DMCA
request, then HTTPS doesn't matter because the destination web server already
decrypted the session to find the request that you're making before returning
the code.

------
Inetgate
Unfortunately, that page return 200 OK. Why does not it return 451 status
code?

------
bugsense
That would be great when you have to block access to OFAC listed countries

------
aaronkrolik
Tried to open this link at work. Blocked for legal reasons :)

------
hawleyal
That is a dumb error code.

404 already exists.

~~~
ceejayoz
404 is for "not found". 451 would be for "found, but we can't show it to you".

~~~
dragonwriter
> 451 would be for "found, but we can't show it to you".

"The server understood the request, but is refusing to fulfill it" is already
403.

