When you surf the internet, communication takes place between the client (your web browser) and the web server. Using HTTP, the underlying internet protocol, the browser, and client exchange status codes with one another. A large part of these status messages isn’t seen when you’re surfing the net, since as long as everything is running smoothly they aren’t displayed.
The HTTP status codes are divided into groups: The first three groups are those that generally aren’t displayed to you in the browser. All codes in the 100s range describe ongoing requests. The codes 200 to 226 indicate that the browser’s request was successfully performed. The messages given in the 300s, though, refer to redirections. What is displayed to you from time to time, though, are the error messages: All status messages from the 500s range describe errors on the server side. The errors 400 to 499 note problems related to the client.
So with a 401 there is also an HTTP code that indicates an error in the client. In this sense, “client” can have very different meanings for the error message, since it just means the instance of communication with the webserver. This could be the browser, but could also be the router or even the internet provider used to make the connection. In many cases, however, the internet user has caused the error themselves.
Sometimes, instead of “401 Unauthorized” you could also get the message “401 Authorization Required.” Both basically mean that you don’t have permission for the requested website and must log in first. If the webserver runs with Microsoft IIS, even more specific status codes are often displayed:
- 401.1: Login failed
- 401.2: Login failed due to server configurations
- 401.3: Requested content refused by an Access Control List (ACL)
- 401.4: Authorization failed due to a filter
- 401.5: Authorization failed due to an ISAPI/CGI application
In the best-case scenario, you land on a specially designed error page that describes directly what you have to do.