511

Network Authentication Required

5xx Server Error

Back to list

Server perspective

Use 511 only for captive-portal or network-access control flows where an intercepting proxy requires network authentication before wider access is allowed.

When to use

  • Return 511 from an intercepting proxy or captive portal, not from a normal origin application
  • Use it to signal that the client must authenticate to the network before the original request can proceed

How to respond

  • Include clear instructions or a link to the captive-portal login flow in the response body
  • Keep the response distinct from origin authentication so non-browser clients do not mistake it for a normal 401 challenge

Headers to consider

  • No status-specific authentication challenge header is required; provide navigation to the login or acceptance flow in the response body or portal metadata

Response body

  • A body is recommended; explain the captive-portal requirement and link to the page where the user can authenticate or accept terms

Server-side pitfalls

  • Do not use 511 for website or API authentication; use 401 or 403 for origin-application auth flows
  • Do not let the response look like it came from the target origin server when it is really generated by the network

Examples

Airport Wi-Fi captive portal intercepts request

Request:GET http://example.com from an unauthenticated device
Response:511 Network Authentication Required with a login link in the response body

The network access gateway stops the request and directs the user to the captive-portal flow.

References

Related 5xx Server Error Codes

500

Internal Server Error

Something broke on our end! It's not your fault - our server had a problem and couldn't handle your request.

501

Not Implemented

Our server doesn't know how to do what you asked. This feature hasn't been built yet.

502

Bad Gateway

I'm a middleman server, and the server I was trying to talk to gave me a bad or broken response.

503

Service Unavailable

Our service is temporarily down for maintenance or overloaded. Please try again later.

504

Gateway Timeout

I'm a middleman server, and the server I was trying to talk to took too long to respond, so I gave up waiting.

505

HTTP Version Not Supported

You're speaking an old or new version of HTTP that I don't understand. Please use a version I support.

506

Variant Also Negotiates

The server got confused while picking the best version of a resource and ended up pointing in circles.

507

Insufficient Storage

I don't have enough storage space left to save what you're trying to upload. My disk is full!

WebDAV
508

Loop Detected

The server followed references while walking through folders and found a cycle, so it stopped instead of going in circles forever.

WebDAV
510

Not Extended

Your request needs additional extensions or features that haven't been negotiated or enabled yet.