Each HTTP request received by a server is answered with an HTTP status code when accessing a web server or application. HTTP status codes are three-digit codes divided into five classes. The status code class can be identified quickly with its first digit:
- 1xx: Informational
- 2xx: Success
- 3xx: Redirection
- 4xx: Client Error
- 5xx: Server Error
From a system administrator’s perspective, this guide focuses on identifying and troubleshooting the most commonly found HTTP error codes, i.e. 4xx and 5xx status codes. There are many situations where a web server can respond to a request with a specific error code-we will cover common possible causes and solutions.
Client and Server Error Overview
Client errors or HTTP status codes from 400 to 499 result from HTTP requests from a user client (i.e. a web browser or other HTTP client). Although these types of errors are client-related, it is often useful to know which error code a user encounters to determine whether a server configuration can fix the potential problem.
Server errors or HTTP status codes from 500 to 599 are returned by a web server if it is aware that an error has occurred or that the request can not be processed otherwise.
General Troubleshooting Tips
- Refresh the browser after changing the server when using a web browser to test a web server.
- For more details on how the server handles the requests, check the server logs. Web servers like Apache or Nginx, for example, produce two files called access.log and error.log, which can be scanned for relevant information.
- Keep in mind that definitions of HTTP status code are part of a standard implemented by the application that serves applications. This means that the returned status code depends on how the server software handles a particular error-this guide should usually point you in the right direction.
Now that you understand HTTP status codes at a high level, we will look at the commonly encountered errors.
400 Bad Request
The status code of 400, or Bad Request error, means that the HTTP request sent to the server is invalid.
Here are some examples of the possibility of a 400 Bad Request error:
- The site-related cookie of the user is corrupt. Clearing the cache and cookies of the browser could solve this problem
- Malformed application due to defective browser
- Manually forming HTTP requests (e.g. using curlincorrectly) due to human error.
The 401 status code, or an unauthorized error, means that the user who attempts to access the resource has not been authenticated or correctly authenticated. The user must therefore provide credentials to view the protected resource.
If a user tries to access a resource that is protected by HTTP authentication, as in this Nginx tutorial, an example scenario in which a 401 Unauthorized error would be returned. In this case, the user receives a 401 response code until the web server is provided with a valid username and password (one in the file.htpasswd).
The 403 status code or prohibited error means that the user has submitted a valid request, but the server refuses to serve the request due to the lack of access to the requested resource. If you unexpectedly encounter a 403 error, there are a few typical causes.
403 errors usually occur when the user who runs the process of the web server does not have sufficient permissions to read the accessed file.
To give an example of a 403 error troubleshooting, assume:
- The user is trying to access the web server’s index file, from
- The web server worker process is owned by the
- On the server, the index file is located at
If the user has a 403 Forbidden error, make sure the www-data user has enough permissions to read the file. This usually means that other file permissions should be set to read. There are several ways to ensure this, but in this case the following command works:
sudo chmod o=r /usr/share/nginx/html/index.html
Another possible cause of 403 errors is the use of a.htaccess file, often intentionally. The.htaccessfile can, for example, be used to deny access to specific IP addresses or ranges to certain resources.
If the user receives an unexpected 403 Forbidden error, make sure that your.htaccess settings do not cause it.
Index File Does Not Exist
If the user tries to access a directory without a default index file and directory listings are not enabled, a 403 Forbidden error will be returned to the web server. For example, if the user tries to access http:/example.com / emptydir / and there is no index file on the server in the emptydir directory, the status of 403 is returned.
If you want to enable directory listings, you can do so in the configuration of your web server.
404 Not Found
The 404 status code, or an error not found, means the user can communicate with the server, but the requested file or resource cannot be located.
There may be 404 errors in a wide variety of situations. If the user receives a 404 Not Found error unexpectedly, here are some questions to ask when fixing the problem:
- Does the link that directed the user to your server resource have a typographical error in it?
- Did the user type in the wrong URL?
- Does the file exist in the correct location on the server? Was the resource was moved or deleted on the server?
- Does the server configuration have the correct document root location?
- Does the user that owns the web server worker process have privileges to traverse to the directory that the requested file is in? (Hint: directories require read and execute permissions to be accessed)
- Is the resource being accessed a symbolic link? If so, ensure the web server is configured to follow symbolic links
500 Internal Server Error
The 500 status code means that the server can not process the request for an unknown reason. Sometimes this code appears when there are more specific 5xx errors.
This error is most commonly caused by server malconfiguration (e.g. a malformed.htaccess file) or missing packages (e.g. attempting to run a PHP file without properly installed PHP).
502 Bad Gateway
The 502 status code, or Bad Gateway error, means that the server is a gateway or proxy server and the backend server does not receive a valid response to the request.
If the server in question is a reverse proxy server, such as a load balancer, here are a few things to check:
- The backend servers (where the HTTP requests are being forwarded to) are healthy
- The reverse proxy is configured properly, with the proper backends specified
- The network connection between the backend servers and reverse proxy server is healthy. If the servers can communicate on other ports, make sure that the firewall is allowing the traffic between them
- If your web application is configured to listen on a socket, ensure that the socket exists in the correct location and that it has the proper permissions
503 Service Unavailable
The 503 status code or service error means the server is overloaded or maintained. This error implies that at some point the service should be available.
If the server is not maintained, it can be shown that the server does not have sufficient CPU or memory resources to handle all incoming requests, or that the web server must be configured to allow more users, threads or processes.
504 Gateway Timeout
The 504 status code, or Gateway Timeout error, means that the server is a gateway or proxy server and the server does not receive a response from the backend server within the allowed period of time.
This typically occurs in the following situations:
- The network connection between the servers is poor
- The backend server that is fulfilling the request is too slow, due to poor performance
- The gateway or proxy server’s timeout duration is too short
You should have a good basis for troubleshooting problems with your web servers or applications now that you are familiar with the most common HTTP error codes and common solutions to those codes.
If you find any error codes not listed in this guide, or if you know other possible solutions to those described, please discuss them in the comments!