Post ASE2R9OCJH1we0xWoy by CatboyCumDump@poa.st
(DIR) Post #ASDG8o6RuwRjc7qS7E by josh@poa.st
2023-01-31T20:13:42.584984Z
2 likes, 1 repeats
Okay retards (web developers), here's a question: What HTTP code should be used for interstitial pages on DDoS guards?
See: en.wikipedia.org/wiki/List_of_HTTP_status_codes
Cloudflare at some point switched to 503 which I hate. It's incorrect. I am considering using 511 (the code for things like WiFi Terms of Service pages).
It's an interestingly unanswered question considering how the HTTP status code RFC is notoriously bloated (see 418 I am a Teapot). And, additionally, Cloudflare is working with Apple to make a new kind of anonymous and instant captcha that involves using your device ID.
(DIR) Post #ASDH50eZPhYBKlYeDQ by pasture@pl.gamers.exposed
2023-01-31T20:24:12.039436Z
0 likes, 0 repeats
@josh seems good enough. Generally 4xx means "client problem", no clue why it's 5xx
(DIR) Post #ASDK3SZgvoidDJEEKG by FarmerTwo@poa.st
2023-01-31T20:54:50.311349Z
0 likes, 0 repeats
@josh 428, maybe? "Precondition Required" implies it needs to meet a certain condition, and passing the DDoS check seems to be that condition. Plus 5xx codes indicate server error while a DDoS page is normal behaviour
(DIR) Post #ASDK3TD2ZWC7BLdeeu by josh@poa.st
2023-01-31T20:57:33.500682Z
0 likes, 0 repeats
@FarmerTwo No, that means that the client asked for something that the server cannot provide. Very specific use case where you're requesting a content type the server does not have.
(DIR) Post #ASDOtCL2wTI9jVIwbY by PunishedD@poa.st
2023-01-31T21:51:44.810722Z
0 likes, 0 repeats
@josh If you use 511, that might break non-PC devices that have specific responses to captive portals. Phones, tablets, chromebooks sometimes have OS-level things they pop up when that code is detected.
(DIR) Post #ASDP05dEHAYIxY5zjE by josh@poa.st
2023-01-31T21:52:58.805456Z
1 likes, 0 repeats
@PunishedD good concern, I'll check that out. That might require specific headers to trigger OS prompts.
(DIR) Post #ASDT53cTaH6lz2Mr2W by PalePimp@poa.st
2023-01-31T22:38:42.735682Z
0 likes, 0 repeats
@josh My advice: 429, too many requests. Not a dev BTW.
(DIR) Post #ASDTCB9Lz8RRMi8q0m by graf@poa.st
2023-01-31T22:39:58.287823Z
5 likes, 0 repeats
@PalePimp @josh poast sends 402 instead of 429 because it's funnier "fuck you pay me"
(DIR) Post #ASDU2ziJEdkxFDfz2e by cyberiasec@poa.st
2023-01-31T22:21:02.263246Z
0 likes, 0 repeats
@josh What is wrong with 403 (maybe 401)? 511 is not intended for this because the RFC says the response should contain a link where the user can submit credentials. 422 might be a valid option. I like 400 the most because it says "The HyperText Transfer Protocol (HTTP) 400 Bad Request response status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (for example, malformed request syntax, invalid request message framing, or deceptive request routing)."
(DIR) Post #ASDU30CnPI8ullwKYq by josh@poa.st
2023-01-31T22:49:31.282445Z
1 likes, 0 repeats
@cyberiasec Interesting point about 511's RFC, you are technically correct (the best kind of correct).
401 is unacceptable because it is the status code for the old original HTTP authentication system (the one with the little prompt with a password field they used for pay-for titty websites).
403 is incorrect because it can be confused with other kinds of permanent barriers.
422 is interesting. It's a very strong choice. It doesn't appear to have any actual use and the RFC doesn't require any headers or negotiations that many other status codes use. Very nice.
(DIR) Post #ASDUEzIUbpB3QbJs5w by PalePimp@poa.st
2023-01-31T22:51:42.722060Z
1 likes, 0 repeats
@graf @josh Devilish.
I personally like 429 because while bad actors don't care about error messages, well-behaved bots will cool down on the requests.
(DIR) Post #ASDXmcOKZvpY5xmJCy by PunishedD@poa.st
2023-01-31T23:31:24.024824Z
1 likes, 0 repeats
@josh @cyberiasec What behavior are you trying to get? If it's just a delayed server response to mitigate DDOS, you could maybe use 102. I don't know that it would render an info page or do proof-of-work alongside that, it may be client specific.
(DIR) Post #ASE10OmirTrUcV6uXY by GenitalHairBall@poa.st
2023-01-31T20:18:54.873888Z
1 likes, 0 repeats
@josh Code 1488
(DIR) Post #ASE2R9OCJH1we0xWoy by CatboyCumDump@poa.st
2023-01-31T20:15:17.638198Z
1 likes, 0 repeats
@josh use 418 until you figure it out
(DIR) Post #ASE2h7kQBH32BcyFuK by Boyka@poa.st
2023-02-01T05:13:58.185643Z
0 likes, 0 repeats
@josh @alex
(DIR) Post #ASE2h98Z0zxCUnH3B2 by alex@gleasonator.com
2023-02-01T05:17:37.380794Z
0 likes, 0 repeats
@Boyka @josh I don’t have any strong feelings about what’s semantically “correct”, but I would probably copy what Cloudflare is doing for the sake of compatibility. That’s the Fediverse dev mindset.
(DIR) Post #ASE2pwm6LaPSlExoy8 by alex@gleasonator.com
2023-02-01T05:19:14.677332Z
0 likes, 0 repeats
@Boyka @josh 503 makes sense because if you’re a human you don’t care about the HTTP status code. But if you’re a bot, you’re not getting past that page. So “service unavailable” actually does make perfect sense.
(DIR) Post #ASE33fDSQXLaMEIfcO by keith@nightshift.social
2023-02-01T05:21:49.951558Z
0 likes, 0 repeats
(DIR) Post #ASEVed4g9LF599boDA by cdsraete@poa.st
2023-02-01T09:56:12.481057Z
1 likes, 0 repeats
@josh The fuck you all are talking about? What's wrong with 200? You return a page that is to be displayed in browser. That's 200. You can be fancy and go with 404, because it will still work in browser, and most likely to get bots to fuck off. Not malicious bots, but well-meaning but unable to pass the guard. But that's it. Anything else neither serves any practical purpose nor is standards-compliant.
(DIR) Post #ASEVedY6NwmIcPNJ4a by josh@poa.st
2023-02-01T10:42:14.660419Z
1 likes, 0 repeats
@cdsraete I came to this conclusion while unable to sleep last night because I was thinking about http codes
I've decided to go with Status 203: Non-Authoritative Content.
(DIR) Post #ASEbpWL882hTAase9Y by butterdog@poa.st
2023-02-01T11:51:27.639532Z
1 likes, 0 repeats
@josh @cdsraete Great men have historically used the time between wake and falling asleep to contemplate big problems, so you're in good company.
When you start dreaming about your coding projects, or your eyelid muscles are spasming it's time to take a break.
(DIR) Post #ASElRt6ipK4aNFVjc0 by LurkPerry@poa.st
2023-02-01T10:43:18.872537Z
1 likes, 0 repeats
@josh @cdsraete What an autismo thing to dream about