HTTP error 401 and 403 detailed explanation and solution

A, 401:
1. HTTP 401 Error – Unauthorized: (Unauthorized)
Your Web server believes that the HTTP data stream sent by the client is correct, but access to the URL resource requires user authentication, and the relevant information 1) has not been provided, or 2) has been provided but has not passed the authorization test. This is commonly known as “HTTP Basic Validation.” The authentication request that is required from the client is defined in the HTTP protocol as WWW — Authenticate Header Field

Desktop applications usually do not use cookies. Instead, they send the “user name + colon + password” as a base64-encoded string in the header Authorization of the HTTP request to the server. This method is called HTTP Basic Authentication.

2. The reason:
Since the request does not contain the Authorization header, the server will return a 401 Unauthozied to the client and add the information in the Response header “WWW -authentivate”. When the client encodes the user name and password with Base64 encryption and sends it to the server in the Authorization header, the authentication will be successful.

3. Scenarios and methods:
This is the interface of the user token. All the Body request parameters and Headers are the same, but the 401 error is reported. Haha, I forgot to add the request Header for Authorization. The solution is to add a keyvalue pair for basic authentication in HEADERS. The key-value pair is as follows:
Authorization:Basic YKKOw9MPlY3JldA== (Note: Base64-bit encoding here is written arbitrarily, please feel free to read) Authorization:Basic YKKOw9MPlY3JldA==
http://blog.csdn.net/u013136708/article/details/41210897

Second, 403:
1. HTTP 403forbidden – Access denied
403forbidden is a Status Code in the HTTP protocol. You do not have permission to access this site.

This state represents
The server understood the request but refused to execute the task. The request should not be re-sent to the server. In cases where the HTTP request method is not “HEAD” and the server wants the client to know why the permission is not available, the server should describe the reason for the refusal in the message returned. In cases where the server does Not want to provide any feedback, the server can use 404 Not Found instead of 403 Forbidden.

2. The reason:

You don’t have permission to access/on this server.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

3. Scenarios and methods:

I happened to see this error 403 a few days ago. Our link address was https://www.ceshi.com at that time. But it was configured as http://www.ceshi.com by someone else; This will result in a 403 error. The solution: just change HTTP to HTTPS.

On closer inspection: the error should be 403.4. 403.4 error is caused by requiring SSL, you must use “HTTPS” in the address of the page you want to view.


Read More: