4

Microsoft lists the IIS http status codes including the substatus codes here.

In the 404 section there are substatus codes between 0 and 20, but in my logs I get a 503 as sc-substatus

I can't find any information about it. Don't confuse this with the standard http 503 (Service unavailable) status.

Peter Hahndorf
  • 13,763
  • 3
  • 37
  • 58

1 Answers1

6

A quick review of the site in question solved this question. It was setup with IP Address Restrictions, the 404.503 is logged for every request that is not from an allowed IP address.

Normally a 403 (Forbidden) status is sent, but in IIS 7+ you can specify which status to return. In the 'Edit Feature Settings' for IP restrictions choose the 'Deny Action Type':

Unauthorized - results in a 401 Unauthorized - IIS-Logs:  401.503
Forbidden    - results in a 403 Forbidden    - IIS-Logs:  403.503
NotFound     - results in a 404 Not Found    - IIS-Logs:  404.503
AbortRequest - results in a Aborted          - IIS-Logs:  not logged
Peter Hahndorf
  • 13,763
  • 3
  • 37
  • 58
  • More info can be found at http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-dynamic-ip-address-restrictions – Lex Li Jul 10 '16 at 23:18
  • which one is recommended? AbortRequest or Forbidden? – juFo Mar 24 '21 at 12:43
  • @juFo - I would actually use a 404 NotFound, otherwise you tell a potential attacker that the resource is there but not accessible to him. A 404 is just: "nothing to see here, move along" – Peter Hahndorf Mar 24 '21 at 17:02