0

I'd like to send an HTTP response that indicates my server is not willing to cooperate with the requester, as a sort of (voluntarily-imposed non-legal) sanction. For example, ACME Corp stole your stapler, so you're responding to requests from ACME's IP with an XXX status code (and a response body describing its crime)- until the stapler is returned.

Some ideas:

403 - Seems appropriate, but 403 doesn't specificly indicate that sanctions are in place and that you aren't cooperating. You could use the response body to indicate that information, but you would still be conflating your existing 403 responses with sanctioned responses (bad for metrics).

423 - The requested resource is indeed "locked" due to sanctions, but the spirit of 423 is for collision avoidance, so it may not be appropriate.

451 - Close, but there's not a legal entity involved (we're trying to indicate non-cooperation). However, the Link HTTP header the 451 response uses would be a good spot to have Link: <https://example.com/acme-give-me-back-my-stapler>; rel="blocked-by"

Are there better alternatives?

MattyRad
  • 1
  • 1
  • i wozld use 418,im a teapot, since its basically not used and could be tracked easily ;) – djdomi Feb 27 '22 at 07:41
  • I'm always partial to code 402 - payment required. It is currently still "reserved for future use" so assigning your own meaning should be possible without breaking anything. Your server is willing to accept restitution payments or a suitably large bribe, which maybe also sends the correct message ;-) – Bob Mar 01 '22 at 14:19
  • Ha, yes 402 does seem suitable in that regard. – MattyRad Mar 05 '22 at 18:35

0 Answers0