I have a system that logs information and sometimes find a particular IP address doing something nasty, like trying to exploit phpMyAdmin (even though it isn't even installed on the system).
When I find these offenders, I add the IP address to a block list that returns a small message whether the page exists or not, and I log the IP address and their query string so I can keep tabs on them.
Problem is, most of them appear to be scripts that scan, and I am still technically returning an HTTP status code of 200 with the small message. I want to be more forward with the status code, but I am not sure which one best applies.
I found the list here, and it seems that 401 or 403 best apply. Which is the best code for "banning" an IP address?
403 or 404 is best suited. See the reference for 403:
"(...) If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead."
Source: https://www.rfc-editor.org/rfc/rfc2616#section-10.4.4
For example, you can return a status 403 - Forbidden and describe the reason in the response body. I'm not sure whether it is allowed to return a status code like 403 - Banned for ... . In any case, innocent users are probably especially interested in the reason for the 403.
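The behaviour the answer recommends, as an added example that is not part of the original question or answer: a small WSGI application that answers block-listed clients with 403 and puts the reason in the body (no body for HEAD), or, when the server does not want to disclose anything, with a plain 404 as the RFC text allows, and records the offender's address, path and query string. The block-list networks (documentation ranges), the reasons, the log format and the `DISCLOSE_REASON` switch are all assumptions made for the example.

```python
"""Block-listed clients get 403 (reason in the body) or 404 (nothing disclosed).

Added example, not code from the original Q&A. Block list contents, log
format and the DISCLOSE_REASON switch are assumptions for illustration.
"""
import logging
from ipaddress import ip_address, ip_network
from wsgiref.simple_server import make_server

# Constructed block list (RFC 5737 documentation ranges): network -> reason
# we are willing to put in the 403 body.
BLOCKLIST = {
    ip_network("198.51.100.0/24"): "repeated phpMyAdmin probes",
    ip_network("203.0.113.7/32"): "scanner traffic",
}

# True: 403 with the reason in the entity. False: 404, as the RFC allows
# when the server does not want to say why the request was refused.
DISCLOSE_REASON = True

log = logging.getLogger("blocklist")


def lookup_ban(client_ip):
    """Return the ban reason for client_ip, or None if it is not block-listed."""
    try:
        addr = ip_address(client_ip)
    except ValueError:  # garbage in REMOTE_ADDR is not a banned client
        return None
    for net, reason in BLOCKLIST.items():
        if addr in net:
            return reason
    return None


def banned_response(method, reason, disclose=DISCLOSE_REASON):
    """Pick (status line, body) for a banned client.

    403 with the reason in the entity when we are willing to say why (but
    never a body for HEAD); 404 with a generic body when we are not.
    """
    if not disclose:
        return "404 Not Found", b"Not Found\n"
    if method == "HEAD":
        return "403 Forbidden", b""
    return "403 Forbidden", f"Forbidden: {reason}\n".encode()


def app(environ, start_response):
    """WSGI entry point: serve normal clients, refuse and log banned ones."""
    ip = environ.get("REMOTE_ADDR", "")
    method = environ.get("REQUEST_METHOD", "GET")
    reason = lookup_ban(ip)
    if reason is None:
        body = b"hello\n"
        start_response("200 OK", [("Content-Type", "text/plain"),
                                  ("Content-Length", str(len(body)))])
        return [body]
    # Keep tabs on offenders: address, method, path and query string.
    log.warning("banned client %s %s %s?%s", ip, method,
                environ.get("PATH_INFO", ""), environ.get("QUERY_STRING", ""))
    status, body = banned_response(method, reason)
    start_response(status, [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body)))])
    return [body]


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    with make_server("127.0.0.1", 8080, app) as httpd:
        httpd.serve_forever()
```

Run it and request `http://127.0.0.1:8080/phpmyadmin/?x=1` from a listed address to see the 403 and the log line; flip `DISCLOSE_REASON` to `False` to get the 404 variant instead. Because the decision is keyed on `REMOTE_ADDR`, put the app behind a proxy only if that proxy rewrites the address it hands to WSGI, otherwise every client shares the proxy's IP.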