Skip to content

511 Network Authentication Required

Description

The 511 Network Authentication Required status code indicates that the client needs to authenticate to gain network access. This status code is typically used by captive portals, such as those found in public Wi-Fi hotspots, hotels, or airports, where users must authenticate or agree to terms before gaining internet access.

This status code was introduced in RFC 6585 and is designed to provide a standard way for captive portals to intercept HTTP requests and indicate that authentication is required. It's different from 401 Unauthorized, which is used when authentication is required for a specific resource, not for network access itself.

When a client receives a 511 response, it should display the enclosed representation to the user, which typically contains a login page or terms of service that must be accepted.

Syntax

HTTP/1.1 511 Network Authentication Required
Content-Type: text/html
Content-Length: [length]

<!DOCTYPE html>
<html>
<head>
  <title>Network Authentication Required</title>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
  <h1>Network Authentication Required</h1>
  <p>You need to authenticate to gain network access.</p>
  <!-- Authentication form or portal information would be here -->
</body>
</html>

Examples

Example 1: Public Wi-Fi Hotspot

A user attempts to access a website through a public Wi-Fi hotspot that requires authentication.

Request: 

GET https://www.example.com/ HTTP/1.1
Host: www.example.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36

Response: 

HTTP/1.1 511 Network Authentication Required
Content-Type: text/html
Content-Length: 854

<!DOCTYPE html>
<html>
<head>
  <title>Wi-Fi Authentication Required</title>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
  <h1>Authentication Required</h1>
  <p>Please log in to access the internet.</p>
  <form action="/login" method="post">
    <label for="email">Email:</label>
    <input type="email" id="email" name="email" required><br><br>
    <label for="password">Password:</label>
    <input type="password" id="password" name="password" required><br><br>
    <input type="submit" value="Log In">
  </form>
  <p>Don't have an account? <a href="/signup">Sign up</a></p>
</body>
</html>

Example 2: Hotel Wi-Fi with Terms of Service

A hotel guest attempts to access the internet but must first agree to terms of service.

Request: 

GET https://news.example.com/ HTTP/1.1
Host: news.example.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_4 like Mac OS X)

Response: 

HTTP/1.1 511 Network Authentication Required
Content-Type: text/html
Content-Length: 1024

<!DOCTYPE html>
<html>
<head>
  <title>Hotel Wi-Fi - Terms of Service</title>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body>
  <h1>Hotel Wi-Fi</h1>
  <h2>Terms of Service</h2>
  <div class="terms">
    <p>By using our Wi-Fi service, you agree to the following terms:</p>
    <ol>
      <li>The service is provided as-is with no guarantees of speed or availability.</li>
      <li>You will not use the service for illegal activities.</li>
      <li>We reserve the right to monitor network traffic for security purposes.</li>
      <li>Excessive bandwidth usage may result in throttling or disconnection.</li>
    </ol>
  </div>
  <form action="/accept-terms" method="post">
    <input type="checkbox" id="agree" name="agree" required>
    <label for="agree">I agree to the terms of service</label><br><br>
    <input type="submit" value="Connect to Wi-Fi">
  </form>
</body>
</html>

Example 3: Corporate Network Access

An employee attempts to access the internet from a corporate network that requires authentication.

Request: 

GET https://api.example.com/data HTTP/1.1
Host: api.example.com
Accept: application/json

Response: 

HTTP/1.1 511 Network Authentication Required
Content-Type: text/html
Content-Length: 742

<!DOCTYPE html>
<html>
<head>
  <title>Corporate Network Authentication</title>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
  <h1>Corporate Network Authentication</h1>
  <p>Please authenticate using your corporate credentials to access the internet.</p>
  <form action="/corporate-auth" method="post">
    <label for="username">Username:</label>
    <input type="text" id="username" name="username" required><br><br>
    <label for="password">Password:</label>
    <input type="password" id="password" name="password" required><br><br>
    <input type="submit" value="Authenticate">
  </form>
  <p>For assistance, contact the IT Help Desk at ext. 1234.</p>
</body>
</html>

Summary

The 511 Network Authentication Required status code indicates that the client needs to authenticate to gain network access. It's primarily used by captive portals in public Wi-Fi networks, hotels, airports, and other locations where users must authenticate or agree to terms before accessing the internet.

Key points about 511 Network Authentication Required:

  1. It's defined in RFC 6585 as an extension to HTTP/1.1
  2. It's specifically designed for captive portals and network access authentication
  3. It differs from 401 Unauthorized, which is for resource-specific authentication
  4. The response typically contains HTML with a login form or terms of service
  5. Clients should display the enclosed representation to the user
  6. It's not intended for authenticating access to specific websites or resources
  7. Once network authentication is complete, the original request should be retried
  8. Modern operating systems and browsers often have special handling for captive portals that detect this status code