Error 401 Unauthorized

Anyone who uses the Internet encounters not only interesting content, but also sometimes error messages. This is doubly annoying for many: not only are they unable to visit the page they requested, but they also don't know what the status code displayed actually means.

However, the meaning of the 401 Unauthorized error quickly becomes clear: you do not have permission to access the requested page. The cause of the error can usually be found quickly. We explain how to fix the problem and why this error occurs in the first place.

What does the 401 Unauthorized error mean?

When you use the Internet, communication occurs between the client (your web browser) and the web server. Through HTTP, the underlying Internet protocol, browsers and clients exchange HTTP status codes with each other. Most of these status messages you won't even see when surfing the Internet because if everything is going smoothly, they are not shown on purpose.

HTTP status codes are divided into groups: the first three groups are those that the browser does not usually show. All codes in the 100 range describe current requests. Codes 200 to 226 indicate that the browser request was successful. However, messages with 300 numbers are redirects.

You will see error messages from time to time: all status messages in the 500 range describe errors that affect the backend. On the other hand, errors 400 through 499 indicate problems affecting the client.

This means that 401 is also an HTTP code indicating an error on the client. "Client" can have different meanings in the sense of these error messages, since it only means the communication instance that sends the request to the web server.

This could be the browser, but also the router or even the Internet provider through which the connection is established. In many cases, the error is caused by the Internet user himself.

Sometimes you get a "401 Authorization Required" message instead of a "401 Unauthorized" message. However, both options essentially mean that you are not authorized on the requested website and must first log in to it. If the web server is running Microsoft IIS, even more specific status codes are often displayed:

- 401.1: Login failed.

- 401.2: Login failed due to server configuration.

- 401.3: The requested content was denied by the access control list (ACL).

- 401.4: Authorization failed due to a filter.

- 401.5: Authorization error due to ISAPI/CGI application.

In the best case scenario, you'll be taken to a specially designed error page that directly describes what you need to do.

How to fix 401 Unauthorized error?

In most situations, fixing the 401 Unauthorized error is very easy: the affected website has an area that only activates after authorization. In order to access the desired web page, you need to enter your login details in the appropriate location. If you do not already have an account on the site, you will need to create an account and register for it.

You'll likely find hyperlinks to this on the home page or in the header area. The error page will always appear if you try to skip such a login step and enter the link to the blocked page directly into your web browser.

This is why it may happen that an error message appears when you click on an external link. If the page the link points to is in a password-protected area, your browser will likely display a 401 Unauthorized error.

Then it’s better to go straight to the main page or try to move to the next level of the site’s folder structure. So in example example.com/Folder1/Folder2/Folder3 then try example.com/Folder1/Folder2/. The parent folder may already be available to you.

In any case, if you created an error by typing it yourself in the browser, you should check the URL again: perhaps you simply mixed up a letter or number and therefore ended up in a password-protected area.

However, the error may also occur if you have just tried to log in. Some websites will show you a 401 Unauthorized status code even if you entered incorrect login information. You may have entered your password, username or email address incorrectly. Return to this page and enter your details again.

To err is human: it may happen that you forget your login details. In this case, you need to contact the webmaster. They may tell you your username or reset your password.

Many websites also have automatic applications for this. You will receive a link via email that will allow you to create a new password.

If you regularly have problems remembering passwords, you should use a password manager. This means you can track even complex passwords.

In some cases, it may happen that you did everything correctly: you log in correctly using the appropriate form, the data entered is correct, but you are still greeted with the error code 401 Unauthorized.

Then there was probably an error on the server, but the system interpreted it as a 401 Unauthorized error. In such situations, which can also occur due to other error codes, two solutions are promising:

Please wait and reload the page.

In many cases, the simplest solution is also the most effective: Because website operators understandably want their pages to always be accessible, site visitors often have to simply wait until they fix the problem.

Be patient and reload the site later. Just in case, clear your cache and cookies in advance to prevent your browser from accidentally loading an erroneous page from internal memory.

Contact the webmaster.

Of course, there is a possibility that no one is aware of the problem yet, which could also be due to the fact that you are the only one experiencing the error. Therefore, please contact the site operator. You can usually find their email address in the legal notice.

Even if the error is your fault, the webmaster can help resolve the problem. Provide your contact with as much information as possible about your system to get a solution as quickly as possible.

If you were able to access the page in question in the past, meaning there was no password protection, you may still be able to access the website content with a small amount of workaround despite the error. Google creates a cache for websites, which means it stores a temporary copy of the page internally.

Simply enter cache:URL (site address) into the Google search bar using the appropriate URL to access the saved version. This can also be a subpage. The title bar informs you where the copy was made from.

Please note that you will not find current information there and will only see a copy of the previous version of the page.

401 and 403: what's the difference?

These two status codes have very similar causes: While 401 Unauthorized means “Authorization is required,” the 403 status message usually contains the addition “Forbidden”: you are denied access. As we discovered, when you get a 401 Unauthorized error, the system wants to tell you that you need to be logged in to access that site.

This is not provided for in 403. The webmaster prohibits access to this area of the site and does not provide any means of registration on it. Pages or directories are for internal use only and should not be accessible to external Internet users.

Mainton Company - custom software development and testing, DevOps and SRE, SEO and online advertising since 2004.

PENTEST SAFETY HACKED? ARTICLES VACANCIES