Wednesday, April 25, 2007

Session Hijacking

Session hijacking is the act of taking control of a user session after successfully obtaining or generating an authentication session ID. Session hijacking involves an attacker using captured, brute forced or reverse-engineered session IDs to seize control of a legitimate user's Web application session while that session is still in progress.

Detailed description

HTTP is stateless, so application designers had to develop a way to track the state between multiple connections from the same user, instead of requesting the user to authenticate upon each click in a Web application. A session is a series of interactions between two communication end points that occurs during the span of a single connection. When a user logs into an application a session is created on the server in order to maintain the state for other requests originating from the same user.

Applications use sessions to store parameters which are relevant to the user. The session is kept "alive" on the server as long as the user is logged on to the system. The session is destroyed when the user logs out of the system or after a predefined period of inactivity. When the session is destroyed, the user's data should also be deleted from the allocated memory space.

A session ID is an identification string (usually a long, random, alpha-numeric string) that is transmitted between the client and the server. Session IDs are commonly stored in cookies, URLs and hidden fields of Web pages. A URL containing the session ID might look something like:

http://www.123somesite.com/view/7AD30725122120803

In an HTML page, a session ID may be stored as a hidden field:

Sometimes, cookies are set to expire (be deleted) upon closing the browser. These are termed "session cookies" or "non-persistent" cookies. Cookies that last beyond a user's session (i.e., "Remember Me" option) are termed "persistent" cookies. Persistent cookies are usually stored on the user's hard drive. Their location is determined according to the particular operating system and browser (e.g., C:\Documents and Settings\username\Cookies for Internet Explorer on Windows 2000).

There are several problems with session IDs. Many of the popular websites use algorithms based on easily predictable variables, such as time or IP address, in order to generate the Session IDs, causing their session IDs to be predictable. If encryption is not used (typically SSL), Session IDs are transmitted in the clear and are susceptible to eavesdropping.

Session hijacking involves an attacker using captured, brute forced or reverse-engineered session IDs to seize control of a legitimate user's session while that session is still in progress. In most applications, after successfully hijacking a session, the attacker gains complete access to all of the user's data, and is permitted to perform operations instead of the user whose session was hijacked.

There are three primary techniques for hijacking sessions:

  1. Brute force - the attacker tries multiple IDs until successful.
  2. Calculate - in many cases, IDs are generated in a non-random manner and can be calculated.
  3. Steal - using different types of techniques, the attacker can acquire the Session ID.

In brute force attacks, the attacker can try many IDs. For example, take a look at the following list of URLs, in which an attacker is trying to guess the session ID:

http://www.somesite.com/view/VW30422101518909
http://www.somesite.com/view/VW30422101520803
http://www.somesite.com/view/VW30422101522507
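
An added example (not part of the original post) that audits a sample of issued session IDs for the predictability described above, using the three IDs from the URLs just listed, and shows a generator backed by the operating system's CSPRNG. The function names and the thresholds are assumptions chosen for illustration.

```javascript
const nodeCrypto = require("crypto");

// The three IDs that appear in the URLs above, in the order listed.
const PAGE_SAMPLE_IDS = [
  "VW30422101518909",
  "VW30422101520803",
  "VW30422101522507",
];

// Hardened generator: 128 bits from the OS CSPRNG, hex-encoded (32 characters).
function newSessionId() {
  return nodeCrypto.randomBytes(16).toString("hex");
}

// Audit a sample of IDs your application issued, given in issue order.
// Reports how much of each ID actually changes between sessions.
function auditSessionIds(ids) {
  if (!Array.isArray(ids) || ids.length < 2) {
    throw new Error("need at least two IDs to compare");
  }
  const length = ids[0].length;
  if (!ids.every((id) => typeof id === "string" && id.length === length)) {
    throw new Error("IDs must be strings of equal length");
  }

  // Positions where every sampled ID carries the same character.
  const constantPositions = [];
  for (let i = 0; i < length; i++) {
    if (ids.every((id) => id[i] === ids[0][i])) constantPositions.push(i);
  }

  // Length of the leading run of constant positions (the shared prefix).
  let prefixLen = 0;
  while (prefixLen < length && constantPositions.includes(prefixLen)) {
    prefixLen++;
  }

  // Strictly increasing in issue order points to a clock or counter.
  // On a handful of samples this is weak evidence; collect more before concluding.
  let monotonic = true;
  for (let i = 1; i < ids.length; i++) {
    if (!(ids[i] > ids[i - 1])) {
      monotonic = false;
      break;
    }
  }

  const findings = [];
  if (constantPositions.length * 2 > length) {
    findings.push("more than half of the positions never change");
  }
  if (monotonic && ids.length >= 3) {
    findings.push("IDs increase in issue order");
  }

  return {
    length,
    sharedPrefix: ids[0].slice(0, prefixLen),
    varyingPositions: length - constantPositions.length,
    monotonic,
    findings,
  };
}

// Compare the page's sample with freshly generated random IDs.
function compareSamples() {
  const fresh = Array.from({ length: 64 }, newSessionId);
  return {
    page: auditSessionIds(PAGE_SAMPLE_IDS),
    random: auditSessionIds(fresh),
  };
}
```
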

Session IDs can be stolen using a variety of techniques: sniffing network traffic, using trojans on client PCs, using the HTTP Referer header where the ID is stored in the query string parameters, and using cross-site scripting attacks.

In a "referrer" attack, the attacker entices a user to click on a link to another site (a hostile link, say www.hostile.com):

GET /index.html HTTP/1.0
Host: www.hostile.com
Referer: www.mywebmail.com/viewmsg.asp?msgid=438933&SID=2343X32VA92

The browser sends the referrer URL containing the session ID to the attacker's site - www.hostile.com, and the attacker now has the session ID of the user.

Session IDs can also be stolen using script injections, such as cross-site scripting. The user executes a malicious script that sends the user's private information to the attacker.
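
An added example, not from the original post, of the defender's side of the referrer leak and script-based theft described above: it finds session IDs carried in request URLs in an access log, redacts them, and builds response headers that keep the ID in a cookie scripts cannot read and out of cross-site Referer headers. The log lines are constructed, and the parameter-name list and function names are assumptions.

```javascript
// Query parameter names treated as session identifiers
// (an assumed list; extend it for your application).
const SESSION_PARAMS = new Set([
  "sid", "sessionid", "session_id", "phpsessid", "jsessionid",
]);

// Parse an absolute URL, a scheme-less one (as in the Referer shown above),
// or a path-only request target from an access log.
function parseLoose(raw) {
  if (raw.startsWith("/")) return new URL(raw, "http://origin.invalid");
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(raw);
  return new URL(hasScheme ? raw : "http://" + raw);
}

// Names of session-ID parameters present in the URL's query string.
function sessionParamsIn(raw) {
  const names = [];
  for (const name of parseLoose(raw).searchParams.keys()) {
    if (SESSION_PARAMS.has(name.toLowerCase())) names.push(name);
  }
  return names;
}

// Same URL with session-ID values replaced, safe to log or report.
function redactSessionParams(raw) {
  const url = parseLoose(raw);
  for (const name of [...url.searchParams.keys()]) {
    if (SESSION_PARAMS.has(name.toLowerCase())) {
      url.searchParams.set(name, "REDACTED");
    }
  }
  const host = raw.startsWith("/") ? "" : url.host;
  return host + url.pathname + url.search;
}

// Scan access-log lines and return the redacted request targets that
// carried a session ID in the URL (and so can leak through Referer).
function auditAccessLog(lines) {
  const flagged = [];
  for (const line of lines) {
    const m = /"(?:GET|POST|HEAD|PUT|DELETE) (\S+) HTTP\/\d\.\d"/.exec(line);
    if (!m) continue;
    try {
      if (sessionParamsIn(m[1]).length > 0) {
        flagged.push(redactSessionParams(m[1]));
      }
    } catch (e) {
      // Unparseable request target: skip it.
    }
  }
  return flagged;
}

// Response headers that carry the session ID in a cookie instead of the URL.
// HttpOnly hides it from page scripts, Secure keeps it off plain HTTP, and
// the Referrer-Policy value sends only the origin to other sites.
function hardenedSessionHeaders(sessionId) {
  if (!/^[A-Za-z0-9]+$/.test(sessionId)) {
    throw new Error("session ID must be alphanumeric");
  }
  return {
    "Set-Cookie": "SID=" + sessionId + "; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Referrer-Policy": "strict-origin-when-cross-origin",
  };
}

// Constructed access-log lines for the webmail site in the example above.
const SAMPLE_LOG = [
  '192.0.2.10 - - [25/Apr/2007:10:15:02 +0000] "GET /viewmsg.asp?msgid=438933&SID=2343X32VA92 HTTP/1.0" 200 5120',
  '192.0.2.11 - - [25/Apr/2007:10:15:09 +0000] "GET /inbox.asp HTTP/1.0" 200 2048',
  '192.0.2.12 - - [25/Apr/2007:10:16:40 +0000] "GET /search.asp?q=sid HTTP/1.0" 200 900',
];
```
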

Mistakes made when developing with Ajax

Using Ajax for the sake of Ajax.

Sure, Ajax is cool, and developers love to play with cool technology, but Ajax is a tool, not a toy. A lot of Ajax use isn’t seriously needed to improve usability; it is an experiment in what Ajax can do, or an attempt to fit Ajax somewhere it isn’t needed.

Breaking the back button

The back button is a great feature of the standard web site user interface. Unfortunately, the back button doesn’t mesh very well with Javascript. Keeping back button functionality is one reason not to go with a pure Javascript web app.

Keep in mind however that good web design provides the user with everything they would need to successfully navigate your site, and never relies on web browser controls.

Not giving immediate visual cues for clicking widgets

If something I’m clicking on is triggering Ajax actions, you have to give me a visual cue that something is going on. An example of this is the GMail loading button that is in the top right. Whenever I do something in GMail, a little red box in the top right indicates that the page is loading, to make up for the fact that Ajax doesn’t trigger the normal web UI for new page loading.

Leaving offline people behind

As web applications push the boundaries further and further, it becomes more and more compelling to move all applications to the web. The provisioning is better, the world-wide access model is great, the maintenance and configuration is really cool, the user interface learning curve is short.

However, with this new breed of Ajax applications, people who have spotty internet connections or people who just don’t want to switch to the web need to be accommodated as well. Just because technology ‘advances’ doesn’t mean that people are ready and willing to go with it. Web application design should at least consider offline access. With GMail it’s POP, Backpackit has SMS integration. In the Enterprise, it’s web-services.

Don’t make me wait

With Firefox tabs, I can manage various waits at websites, and typically I only have to wait for a page navigation. With AJAX apps combined with poor network connectivity/bandwidth/latency I can have a really terrible time managing an interface, because every time I do something I have to wait for the server to return a response. However, remember that the ‘A’ in AJAX stands for ‘Asynchronous’, and the interaction can be designed so that the user is not prevented from continuing to work on the page while the earlier request is processed.

Sending sensitive information in the clear

The security of AJAX applications is subject to the same rules as any web application, except that once you can talk asynchronously to the server, you may tend to write code that is very chatty in a potentially insecure way. All traffic must be vetted to make sure security is not compromised.

Assuming AJAX development is single platform development.

Ajax development is multi-platform development. Ajax code will run on IE’s javascript engine, Spidermonkey (Mozilla’s js engine), Rhino (a Java js implementation, also from Mozilla), or other minor engines that may grow into major engines. So it’s not enough just to code to JavaScript standards, there needs to be real-world thorough testing as well. A major obstacle in any serious Javascript development is IE’s buggy JS implementation, although there are tools to help with IE JS development.

Forgetting that multiple people might be using the same application at the same time

In the case of developing an Intranet type web application, you have to remember that you might have more than one person using the application at once. If the data that is being displayed is dynamically stored in a database, make sure it doesn’t go “stale” on you.

Too much code makes the browser slow

Ajax introduces a way to make much more interesting javascript applications, unfortunately interesting often means more code running. More code running means more work for the browser, which means that for some javascript intensive websites, especially inefficiently coded ones, you need to have a powerful CPU to keep the functionality zippy. The CPU problem has actually been a limit on javascript functionality in the past, and just because computers have gotten faster doesn’t mean the problem has disappeared.

Not having a plan for those who do not enable or have JavaScript.

According to the W3 schools browser usage statistics, which if anything are skewed towards advanced browsers, 11% of all visitors don’t have JavaScript. So if your web application is wholly dependent on JavaScript, it would seem that you have potentially cut a tenth of your audience.

Blinking and changing parts of the page unexpectedly

The first A in Ajax stands for asynchronous. The problem with asynchronous messages is that they can be quite confusing when they pop in unexpectedly. Asynchronous page changes should only ever occur in narrowly defined places and should be used judiciously; flashing and blinking messages in areas I don’t want to concentrate on harks back to the days of the HTML blink tag. “Yellow Fade”, “One Second Spotlight” and other similar techniques are used to indicate page changes unobtrusively.

Not using links I can pass to friends or bookmark

Another great feature of websites is that I can pass URLs to other people and they can see the same thing that I’m seeing. I can also bookmark an index into my site navigation and come back to it later. Javascript, and thus Ajax applications, can cause huge problems for this model of use. Since the Javascript is dynamically generating the page instead of the server, the URL is cut out of the loop and can no longer be used as an index into navigation. This is a very unfortunate feature to lose; many Ajax webapps thoughtfully include specially constructed permalinks for this exact reason.

Blocking Spidering

Ajax applications that load large amounts of text without a reload can cause a big problem for search engines. This goes back to the URL problem. If users can come in through search engines, the text of the application needs to be somewhat static so that the spiders can read it.

Asynchronously performing batch operations

Sure with Ajax you can make edits to a lot of form fields happen immediately, but that can cause a lot of problems. For example if I check off a lot of check boxes that are each sent asynchronously to the server, I lose my ability to keep track of the overall state of checkbox changes and the flood of checkbox change indications will be annoying and disconcerting.

Scrolling the page and making me lose my place

Another problem with popping text into a running page is that it can affect the page scroll. I may be happily reading an article or paging through a long list, and an asynchronous javascript request will decide to cut out a paragraph way above where I’m reading, cutting my reading flow off. This is obviously annoying and it wastes my time trying to figure out my place. But then again, that would be a very stupid way to program a page, with or without AJAX.

Inventing new UI conventions

A major mistake that is easy to make with Ajax is: ‘click on this non obvious thing to drive this other non obvious result’. Sure, users who use an application for a while may learn that if you click and hold down the mouse on this div that you can then drag it and permanently move it to this other place, but since that’s not in the common user experience, you increase the time and difficulty of learning the application, which is a major negative for any application. On the plus side, intuitiveness is a function of learning, and AJAX is popularising many new conventions which will become intuitive as time goes by. The net result will be greater productivity once the industry gets over the intuitiveness hump.

Character Sets

One big problem with using AJAX is the lack of support for character sets. You should always set the content character set on the server-side as well as encoding any data sent by Javascript. Use ISO-8859-1 if you use plain English, or UTF-8 if you use special characters, like æ, ø and å (Danish special characters). Note: it is usually a good idea to go with UTF-8 nowadays, as it supports many languages.

Changing state with links (GET requests)

The majority of Ajax applications tend to just use the GET method when working with AJAX. However, the W3C standards state that GET should only be used for retrieving data, and POST should only be used for setting data. Although there might be no noticeable difference to the end user, these standards should still be followed to avoid problems with robots or programs such as Google Web Accelerator.

Not cascading local changes to other parts of the page

Since Ajax/Javascript gives you such specific control over page content, it’s easy to get too focused on a single area of content and miss the overall integrated picture. An example of this is the Backpackit title. If you change a Backpackit page title, they immediately replace the title, they even remember to replace the title on the right, but they don’t replace the head title tag with the new page title. With Ajax you have to think about the whole picture even with localized changes.

Problem reporting

In a traditional server-side application, you have visibility into every exception, you can log all interesting events and benchmarks, and you can even record and view (if you wish) the actual HTML that the browser is rendering. With client-side applications, you may have no idea that something has gone wrong if you don’t know how to code correctly and log exceptions from the remotely called pages to your database.

Return on Investment

Sometimes AJAX can impressively improve the usability of an application (a great example is the star-rating feedback on Netflix), but more often you see examples of expensive rich-client applications that were no better than the plain HTML versions.

Mimicking browser page navigation behavior imperfectly

One example of this is the BlinkList Ajax paging mechanism on the front page. As you click to see another page of links, Ajax fills in the next page. Except that if you are used to a browser experience, you probably expect to go to the top of the page when you hit next page, something JavaScript driven page navigation doesn’t do. BlinkList actually anticipates this and tries to counteract by manipulating your scrolling to scroll upwards until you hit the top. Except this can be slow and if you try scrolling down you will fight the upwards scrolling JavaScript and it won’t let you scroll down. But then again, that is a very stupid way to program a page, with or without AJAX.

Another Tool

It seems everyone has forgotten that Ajax is just another tool in the toolbox for Web Design. You can use it or not and misuse it or not. The old 80/20 rule always applies to applications (if you cover 80% of what all users want/need then you have a viable app) and if you lose 11% of your audience because they don’t switch on their javascript then you have to ask yourself if changing your app is worth capturing that 11% or stick with 89% that are currently using it and move on to something else. Also web apps should take advantage of all tricks to enable them to function quickly and efficiently. If that means using javascript for some part, Ajax for another and ASP callbacks for a third, so be it.

Preventing Cached AJAX Requests

As a developer, you’re probably well aware of all the issues that commonly occur due to cached data. AJAX is not unique when it comes to these issues; in fact, this problem is fairly common. Luckily, there are workarounds, one of which involves JavaScript’s Date object. If you haven’t used this approach for other caching issues, you’ll be pleasantly surprised at how easy it is to implement.

When making a standard HTTP request, the browser caches the web pages that we visit. Query strings are one way to work around this behavior. Therefore, we could easily use a query to our advantage by adding a simple query at the end of an AJAX request. But this will solve only half of the problem—if the query is the same each time, the data can still be cached. Therefore, we need to create a unique query each time a request is made. There are many ways to handle this need, but the one that makes the most sense in this situation is to use time to our advantage—because time is always changing.

The example in Listing 1 takes a uri parameter that will be used to make the request. Once we create the appropriate request object, we then create an instance of the Date object that will be used to create the next variable, called uniqueURI. The uniqueURI starts with the uri parameter; then we use a condition that checks for the index of a question mark, which would symbolize an existing query string. If the query string exists, we simply append an ampersand to the query; otherwise, we append the question mark. For either condition, the uri is followed by a key/value pair of "timestamp=" plus the current time from the Date object. Once we have the uniqueURI, we’re ready to finish making the request.

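Creating a Unique URI

    function xmlLoader(uri)
    {
        var request;
        // Use the native object where available, ActiveX on older IE.
        if (window.XMLHttpRequest)
        {
            request = new XMLHttpRequest();
        }
        else if (window.ActiveXObject)
        {
            request = new ActiveXObject("MSXML2.XMLHTTP");
        }
        // Append the current time so every request URI is unique and is not served from cache.
        var timestamp = new Date();
        // indexOf returns -1 when there is no "?", and 0 when the URI starts with one.
        var uniqueURI = uri + (uri.indexOf("?") !== -1 ? "&" : "?") + "timestamp=" + timestamp.getTime();
        // callbackMethod is the caller's response handler, defined elsewhere.
        request.onreadystatechange = callbackMethod;
        request.open("GET", uniqueURI, true);
        request.send(null);
    }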




The uniqueURI variable is all it takes to avoid cached requests with AJAX.

Top 100 Web 2.0 Sites

Here is version 2.0 of the top 100 Web 2.0 sites.

Thanks for your comments. By commenting on this post you will help enhance the listing and ordering.

Video

  1. YouTube: YouTube is a popular free video sharing Web site which lets users upload, view, and share video clips.

  2. Meta Cafe: Metacafe - Get the best internet videos - Funny videos, Amazing clips, Rare movies

  3. Vimeo: Share your video clips. Upload video that you shoot with your digital camera, mobile phone, or camcorder. Share video by linking to Vimeo.

  4. Daily Motion: Publish, tag, organize and share your video clips.

  5. Imeem: imeem is a social media service where users interact with each other by watching, posting, and sharing content of all media types, including blogs, photos, audio, and video. In one sense, imeem is a media-centric social network service, and in another sense, it is also a user participation service for online content.

  6. ClipShack: ClipShack is a community for videophiles; a destination where people can post their video for general public viewing and comment, share clips with friends and family, post video to blogs, share...

  7. vSocial: The fastest, easiest way to upload, watch and share your favorite video clips.

  8. Jumpcut: The best place to create, remix and share movies and slideshows online. There's nothing else like it. Jumpcut Makes Movies, Simple.

  9. Video Bomb: Video Bomb filters up the hottest videos on the internet: people submit links to the 'Incoming!' page and you bomb the best ones. If a video gets a lot of bombs quickly, it makes it to the front...

  10. eyeSpot: Shoot, Mix, and Share your Video. Use the eyespot Mixer to edit and combine your videos, music and photos online! Share your video and mixes with the world for Free

  11. revver: Upload, share videos

  12. Avidbeauty: Avid Beauty is an entertainment community for iPod users. We offer iPod downloads which are available in playlists known as Podcasts. We also offer Flickr photo, YouTube video and LiveJournal integration into your member profile.

Music

  1. last.fm: Generate custom streaming music stations with Last.fm by searching for and tagging your favorite artists. Build your own library and search the libraries of others to find who likes the same music as you

  2. Musicovery: Discover new music based on your mood, this free webradio lets you browse music styles and epochs

  3. read.io: Read.io converts RSS feeds into podcasts via TextToSpeech. Many languages supported.

  4. MusicStrands: Search MusicStrands to discover new music. Listen to samples, then tag good tracks and exile the ones you don't like to get clear recommendations, either on site or with an optional iTunes plugin. Then purchase music from a variety of vendors.

  5. PODZINGER: PODZINGER - the world's premiere audio and video search engine

  6. Upto11: Using tags and rankings, Upto11 suggests new music for you. Create and share your recommendations, tags, and playlists via a personal user page.

  7. Pandora: Pandora is the music discovery service that helps you find new music based on your old and current favorites

Chat

  1. Meebo: meebo, the web messenger that lets you access IM from absolutely anywhere. meebo supports msn, yahoo, aol/aim, google talk (gtalk), jabber and icq

  2. Joopz: Allows users to send text messages from the Web to both individuals and groups, while enabling recipients to respond directly to the originating PC or Mac. Joopz web texts can be sent from any web-enabled device worldwide to any U.S. or Canadian mobile phone.

  3. campfire: Simple, Web-based group chat for businesses, Campfire allows real-time sharing, editing, and collaboration for team members in a secure, password-protected chat.

  4. Goowy: is a web based application offering free web and flash email service that enables you instant messaging, email, chat and much more

  5. Gizmo: Gizmo Project uses your internet connection (broadband or dial-up) to make calls to other computers. With the click of a mouse, you’re connected to friends, family, and colleagues anywhere on earth. It’s just that simple. You talk clearly. For as long as you want. For free.

  6. eBuddy: web based messaging for everyone, everywhere. e-Messenger is a web application that enables you to chat with your MSN, AOL and Yahoo buddies without having to install any program or Java applet.

  7. e-messenger: Online messaging from eBuddy is a web messenger application which supports MSN, Yahoo and AIM (AOL). When your school or office has blocked IM you can use the web version of eBuddy with any standard JavaScript enabled browser, even behind a firewall.

  8. ILOVEIM: eBuddy is a web messenger application which supports MSN, Yahoo and AIM (AOL). When your school or office has blocked IM you can use the web version of eBuddy with any standard JavaScript enabled browser, even behind a firewall.

Images & Photos

  1. Flickr: The best way to store, search, sort and share your photos

  2. Zooomr: Universally the best way to share, search, store and sort your photos online.

  3. Slide:

  4. zoto

  5. 23HQ: Are your photos stuck on your hard drive, instead of being shared with the people who matter to you?

  6. Mybloop: MyBloop - sharing pictures, audio, and video for free, without storage limits and additional software to install

Blogs

  1. Blogger: your easy-to-use web site, where you can quickly post thoughts, interact with people, and more

  2. Weblogs, Inc: Creating trade weblogs across niche industries in which user participation is an essential component of the resulting product.

  3. BlogCode: BlogCode.com is a fast, easy and intuitive source of blog recommendations based on the StoryCode.com model. It allows you to start with your favourite weblog (or perhaps even your own) and find...

  4. blo.gs: lets you keep an eye on your favorite weblogs via the web and email. you can even put the list on your site: a blogroll that knows what is new!

  5. BlogLines: a FREE online service for searching, subscribing, creating and sharing news feeds, blogs and rich web content.

Bookmarking

  1. Digg: Digg is all about user powered content. Everything is submitted and voted on by the digg community. Share, discover, bookmark, and promote stuff that's important to you!

  2. del.icio.us: A social bookmarks manager. Using bookmarklets, you can add bookmarks to your list and categorize them

  3. Reddit: Reddit is a source for what's new and popular online. reddit learns what you like as you vote on existing links or submit your own!

  4. StumbleUpon: StumbleUpon uses thumbs up and down ratings to form collaborative opinions on website quality. When you stumble, you will only see pages which friends and like–minded stumblers have liked

  5. Blinklist: Real people with shared interests list the websites they care about. Rate sites you like or save them for later.

  6. Blummy: A free tool for quick access to your favorite web services via your bookmark toolbar, Blummy lets you add and customize widgets that do practically anything: add pictures to Flickr, submit sites to del.icio.us, look up text in WIkipedia. Choose from hundreds of custom "blummlets" or create your own.

  7. Techcrunch: TechCrunch is a blog about Web 2.0 products & companies, many of the posts written by Michael Arrington. The blog's first post was on June 11, 2005

  8. Furl: Make your favorite web bookmarks accessible from anywhere with Furl's lightweight bookmarklet. Furl allows you to easily save, take notes on and share the links you've stored, or browse others' most popular bookmarks to find new and interesting things.

  9. Spurl: Never lose track of a web site again with Spurl's free on-line bookmarking service and search engine. Spurl stores addresses quickly for easy access with a one-click bookmarklet and provides recommendations for new content based on your preferences

  10. Trailfire: Bookmark sharing software.

VOIP

  1. Jajah: Jajah is a VoIP (Voice over IP) provider, founded by Austrians Roman Scharf and Daniel Mattes in 2005. The Jajah headquarters are located in Mountain View, CA, USA, and Luxembourg. Jajah maintains a development centre in Israel.

  2. skype: It’s free to download and free to call other people on Skype. Skype the number one voice over ip software

  3. Private Phone: a free local phone number with voicemail and messages you can check online or from any phone.

Games & Sketching

  1. Trendio: Trendio.com is an online prediction market. Users, instead of buying stock in companies with real money, buy stock in certain news subjects with fake money. Words available include those from the world of politics, sport, and entertainment. The more the word appears in the news, the higher the value of the stock. Currently, the site uses about 3,000 online internet sources to gauge the value of each word.

  2. GameSnips: online games list, digg style. voting for each game, sort lists by latest or by votes

  3. Pictaps: Roxik Pictaps - Draw a Character and Watch It Dance in 3D

  4. Broadcast Game: The objective of the Broadcast game is to connect all of the terminals and cables on the grid to the central hub by fixing their orientations. All you need to do is click and rotate the cables, the terminals, or the hub.

  5. Pikipimp.com: Ever wanted to add bling to your images? Pikipimp is a really cool Ajax application that allows you to drop and drag objects on your image. Save the image and add to your site!

  6. Mainada: How about Comic Sketch (thanks Tiago)

Wikis

  1. Wikipedia: The biggest multilingual free-content encyclopedia on the Internet. Over two million articles and still growing.

  2. LittleWiki: LittleWiki is a Web site where you can create public and private wiki pages. A Wiki is a Web site where anyone can enter and edit content. That means you can post and edit information about virtually anything you wish, and you can read what others have posted too.

  3. Wetpaint: Wetpaint powers websites that tap the power of collaborative thinking. The heart of the Wetpaint advantage is its ability to allow anyone — especially those without technical skill — to create and contribute to websites written for and by those who share a passion or interest. To do this, Wetpaint combines the best aspects of wikis, blogs, forums and social networks so anyone can click and type on the web.

  4. JotSpot: Create and share wiki pages with a WYSIWYG editor via Jotspot's secure wiki hosting. Install various "applications" to refine your wiki content - project manager, company directory, blog, forum, poll, calendar, and more - then invite others to contribute

  5. PBWiki: Make a free, password protected wiki as easily as a peanut butter sandwich. Easily upload HTML, link files to your pages, integrate RSS, and more.

Office Tools

  1. Zoho Office Suite: Online Word Processor

  2. Google Docs & Spreadsheets: With Google Docs & Spreadsheets, you can: * Use our online editor to format documents, spell-check and more. * Upload Word documents, OpenOffice, RTF, HTML or text. * Download...

  3. Num Sum: Easy, Sharable Web Spreadsheets

  4. Dictinary: Online dictionary

  5. notifyr.org: Be ahead of the rest with notifyr.org. Notifyr is an easy to use tool which lets anybody easily receive instant updates on any web page around the world. Notifyr.org is ideal for those who want instant information on new stock, or new product release information. Best of all it's free - and always will be

  6. ThinkFree Office: Have you ever wanted to edit an Excel spreadsheet on a Linux system? Have you ever wanted to show your colleagues a presentation on a computer not equipped with Powerpoint? Would you like to be able...

  7. Numly: Numly is a web 2.0 startup offering next generation copyright and DRM licensing services for all things digital.

  8. gOffice: Free online word processor, output can be PDF or HTML letters, allows personalization in letter templates.

RSS

  1. FeedBurner: FeedBurner helps bloggers, podcasters and commercial publishers get more value from the content they create. Our advanced feed management technology deftly delivers subscription services for...

  2. Feed Digest: Feed Digest is a parser, regenerator, and syndicator for, and of, RSS and Atom feeds. It lets you do things like put the content of RSS or Atom feeds on your own site(s).

  3. Attensa: Attensa, Inc. is a venture backed software company developing RSS readers, online RSS aggregators, enterprise RSS servers and RSS infrastructure software that automatically and intelligently delivers...

  4. Tiny Tiny RSS: Tiny Tiny RSS is a web-based news feed aggregator, designed to allow you to read news from any location, while feeling as close to a real desktop application as possible.

  5. Feed43: This free online service converts any web page to an RSS feed on the fly.

  6. Feed Mailer: feeds direct to your email. (thanks John)

Emails

  1. Gmail: Gmail is an experiment in a new kind of webmail, built on the idea that you should never have to delete mail and you should always be able to find the message you want.

  2. 30 Gigs: 30Gigs.com is invite-only web-based email that offers, you guessed it, 30 gigabytes of space.

  3. Zookoda: is an email marketing application designed specifically for bloggers. Zookoda enables you to send a daily, weekly or monthly summary of your latest blog posts directly into your visitors' inbox.

  4. Sprout: Hosted email management for your sales and support email. No IT department required. Mailroom can organize your email and suggest replies to save you time and keep you better in touch with your customers. There is nothing to set up and it takes only a minute to get started

  5. Gawab: Offers a web mail service with a number of features. Supports POP/SMTP.

News

  1. NewsGator: Read all of your favorite news, websites and blogs all in one place.

  2. newsvine.com: Keep track of breaking news with Newsvine: read "The Wire" for a direct stream of articles from the AP and ESPN, and read "The Vine" for Newsvine user submitted content and columns. Interact with other Newsvine readers by voting for and commenting on news, and write/maintain your own Newsvine column.

  3. Gabbr: Gabbr is a community-based social news and blogging network which allows users to save and share their favorite top news headlines and blog posts.

  4. wired: News site and magazine, covering technology, culture, business and politics.

  5. Clipmarks: Bite-size highlights on the web.

File Sharing

  1. Box.Net: Free online file storage and sharing from Box.net! Our internet storage service enables you to save, browse, share, & retrieve files, photos, and documents ...

  2. AllPeers: Unleash your online experience and discover unlimited private sharing. Share private photos worry-free. No passwords to remember, no public access. Share your videos without uploading - save on hosting costs while saving time. No cumbersome interface. No sharing restriction. Private and secure. No spyware, no adware, no annoying advertisements.

  3. MailBigFile: internet application for file sharing

Others

  1. Live: Microsoft web 2.0 portal

  2. LinkedIn: is like Facebook for business professionals: Build yourself a business network to give you credibility in job searches and hiring, or use LinkedIn to reconnect or keep in touch with important business connections.

  3. BaseCamp: Simple project management with to-do lists, milestones, time tracking, file sharing, calendars, and more. Basecamp is a solution for taking charge of communication, collaboration, and organization for projects big and small.

  4. Side Job Track: A job tracking application for independent contractors, Sidejobtrack creates and manages invoices for goods, services, and time, then produces monetary reports to track payments and income.

  5. Kayak.com searches hundreds of travel sites to give you the widest possible choice of flights and prices. It costs nothing to search and not a cent to book because we're not a travel agency.

  6. TravBuddy is a site for people who love to explore. You don't have to be traveling across the world to use this site. Maybe you just want to share advice about a local restaurant you enjoy, or perhaps last weekend you discovered an amazing new place to watch the sunset, right in your hometown. Whether you are exploring at home or exploring abroad, the art and joy of discovery is still the same. Something that is familiar to you might be amazing and new to someone who is visiting.

  7. Wayfaring is an interesting new site that lets you tag and create your own routes and places on Google maps

  8. Omnidrive: As the world's first complete storage aggregator, Omnidrive allows you to bring all your files and content together from your desktop, devices and the web onto a single space that's easily accessible from any platform.

  9. ma.gnolia: Build your web site and build community online

  10. Ajaxian: Ajax related blog

  11. Web 2.0 Sites: web 2.0 sites directory, for all web 2.0 related services.

Thursday, April 19, 2007

View 57 Apache Status Codes and ErrorDocuments

HTTP Status Codes


There are a total of 57 HTTP Status Codes recognized by the Apache Web Server.

Intro


I was trying to find an official, authoritative list of HTTP Status Codes but I kept finding lists that varied from one to another. Then I found the list in the Apache Source Code. (2 files attached below)

Once I compiled the list of Apache-recognized Status Codes, I was dying to try them all and see for myself on MY server what these unusual and rare headers would do. At first I thought I would have to create a script for each of the 57 Status Codes, a tedious undertaking I did not want to do. So I decided to check the Apache Docs to look for ambiguity around the sending of Status Codes with an Apache Directive.

Then while I was reading up on mod_alias and the Redirect directive I read this:

Syntax: Redirect [status] URL-path URL
The status argument can be used to return other HTTP status codes. Other status codes can be returned by giving the numeric status code as the value of status. If the status is between 300 and 399, the URL argument must be present, otherwise it must be omitted.

Quick Start to See Results


Let's start with a quick and easy example. Add the following Redirect rules to your htaccess file. Don't create a /e/ directory or any files. Then open your browser and request http://www.yoursite.com/e/400. Now do the same for http://www.yoursite.com/e/503 and finally http://www.yoursite.com/e/405.

Redirect 400 /e/400
Redirect 503 /e/503
Redirect 405 /e/405

Now you definitely should have a really good feeling about this!

Automating the process


The htaccess Redirects

When a status code is returned, Apache outputs the header and the ErrorDocument for that code. So you can view any header and its default ErrorDocument by making Apache return that status code, which is what the Redirect rules below do.

For instance, if you request a file that doesn’t exist, a 404 Not Found Header is issued and the corresponding ErrorDocument is served with the 404 Not Found Header.

Redirect 100 /e/100
Redirect 101 /e/101
Redirect 102 /e/102
Redirect 200 /e/200
Redirect 201 /e/201
Redirect 202 /e/202
Redirect 203 /e/203
Redirect 204 /e/204
Redirect 205 /e/205
Redirect 206 /e/206
Redirect 207 /e/207
Redirect 300 /e/300 http://www.yourdomain.com/?s=300
Redirect 301 /e/301 http://www.yourdomain.com/?s=301
Redirect 302 /e/302 http://www.yourdomain.com/?s=302
Redirect 303 /e/303 http://www.yourdomain.com/?s=303
Redirect 304 /e/304 http://www.yourdomain.com/?s=304
Redirect 305 /e/305 http://www.yourdomain.com/?s=305
Redirect 306 /e/306 http://www.yourdomain.com/?s=306
Redirect 307 /e/307 http://www.yourdomain.com/?s=307
Redirect 400 /e/400
Redirect 401 /e/401
Redirect 402 /e/402
Redirect 403 /e/403
Redirect 404 /e/404
Redirect 405 /e/405
Redirect 406 /e/406
Redirect 407 /e/407
Redirect 408 /e/408
Redirect 409 /e/409
Redirect 410 /e/410
Redirect 411 /e/411
Redirect 412 /e/412
Redirect 413 /e/413
Redirect 414 /e/414
Redirect 415 /e/415
Redirect 416 /e/416
Redirect 417 /e/417
Redirect 418 /e/418
Redirect 419 /e/419
Redirect 420 /e/420
Redirect 421 /e/421
Redirect 422 /e/422
Redirect 423 /e/423
Redirect 424 /e/424
Redirect 425 /e/425
Redirect 426 /e/426
Redirect 500 /e/500
Redirect 501 /e/501
Redirect 502 /e/502
Redirect 503 /e/503
Redirect 504 /e/504
Redirect 505 /e/505
Redirect 506 /e/506
Redirect 507 /e/507
Redirect 508 /e/508
Redirect 509 /e/509
Redirect 510 /e/510
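
The rule quoted from the mod_alias documentation (a URL argument for 3xx statuses only) can be checked mechanically before a rule set goes into htaccess. The Python code below is an added example, not part of the original post: it parses Redirect lines, including the keyword statuses and the default of 302 when no status is given, reports lines that break the rule, and regenerates the 57 rules above. The function names and the sample rules are constructed for illustration.

```python
import shlex

# Keyword spellings of the status argument documented for mod_alias.
KEYWORDS = {"permanent": 301, "temp": 302, "seeother": 303, "gone": 410}


def parse_redirect(line):
    """Parse one 'Redirect [status] URL-path [URL]' line.

    Returns (status, url_path, target), or None when the line is blank, a
    comment or another directive. Raises ValueError when it cannot be parsed.
    """
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    parts = shlex.split(stripped)
    if parts[0].lower() != "redirect":
        return None
    args = parts[1:]
    if not args:
        raise ValueError("Redirect needs at least a URL-path")
    if args[0].startswith("/"):
        status = 302  # no status argument: mod_alias defaults to "temp"
    else:
        word = args.pop(0)
        if word.lower() in KEYWORDS:
            status = KEYWORDS[word.lower()]
        elif word.isdigit():
            status = int(word)
        else:
            raise ValueError("unrecognised status %r" % word)
    if not args or len(args) > 2:
        raise ValueError("expected a URL-path and at most one URL")
    target = args[1] if len(args) == 2 else None
    return status, args[0], target


def check_redirect(line):
    """Return a problem string for the line, or None when it obeys the rule."""
    try:
        parsed = parse_redirect(line)
    except ValueError as exc:
        return str(exc)
    if parsed is None:
        return None
    status, _path, target = parsed
    is_redirect = 300 <= status <= 399
    if is_redirect and target is None:
        return "status %d needs a URL argument" % status
    if not is_redirect and target is not None:
        return "status %d must not have a URL argument" % status
    return None


def lint(text):
    """Return [(line_number, problem)] for every inconsistent Redirect line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        problem = check_redirect(line)
        if problem:
            findings.append((number, problem))
    return findings


def rules_for(codes, base_url):
    """Build one Redirect line per code, adding a URL only for 3xx codes."""
    lines = []
    for code in codes:
        rule = "Redirect %d /e/%d" % (code, code)
        if 300 <= code <= 399:
            rule += " %s/?s=%d" % (base_url, code)
        lines.append(rule)
    return "\n".join(lines)


# The 57 codes used on this page, by class.
CODES = (list(range(100, 103)) + list(range(200, 208)) + list(range(300, 308))
         + list(range(400, 427)) + list(range(500, 511)))

# Constructed sample with deliberate mistakes on lines 3, 4 and 7.
SAMPLE = """\
# test rules
Redirect 400 /e/400
Redirect 302 /e/302
Redirect 503 /e/503 http://www.yourdomain.com/?s=503
Redirect gone /e/old
Redirect /e/tmp http://www.yourdomain.com/
Redirect teapot /e/418
"""

if __name__ == "__main__":
    for number, problem in lint(SAMPLE):
        print("line %d: %s" % (number, problem))
    generated = rules_for(CODES, "http://www.yourdomain.com")
    print(len(CODES), "generated rules,", len(lint(generated)), "problems")
```

The checker implements only the rule quoted above; it does not reproduce the rest of Apache's configuration parsing.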

PHP script that gets and outputs the Headers/Content

Now all I have to do is add 57 Redirect Directives to my htaccess, and then request each of them 1 at a time from my browser to see the result, and use a packet sniffing program like WireShark to see the Headers. Uh, scratch that, that would take way too long!

Instead I hacked up a simple PHP script using cURL to automate sending GET requests to each of the 57 Redirect URL-paths. A side benefit of using the PHP script is that it performs all 57 requests concurrently and saves each request's returned headers and content to an output buffer. After all 57 have been queried, the output buffer is flushed to the browser.

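<?php
// The opening lines of this script did not survive on the page. The settings and
// the code list below are reconstructed from the Redirect rules above; both
// values are placeholders to adjust for your own server.
$SITENAME = 'http://www.yoursite.com';               // site whose htaccess holds the Redirect rules
$TMPSAVETO = tempnam(sys_get_temp_dir(), 'status');  // scratch file that collects every response
// The 57 codes, grouped by class as in the Redirect list.
$CODES = array(range(100, 102), range(200, 207), range(300, 307), range(400, 426), range(500, 510));

foreach ($CODES as $class => $res)
{
    foreach ($res as $key)
    {
        // Request /e/<code> and append the response headers and body to the scratch file.
        $ch = curl_init("$SITENAME/e/$key");
        $fp = fopen($TMPSAVETO, "a");
        curl_setopt($ch, CURLOPT_FILE, $fp);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($ch, CURLOPT_HEADER, 1);
        curl_exec($ch);
        curl_close($ch);
        fclose($fp);
    }
}
// Send everything that was collected to the browser as plain text, then clean up.
$OUT = '';
ob_start();
header("Content-Type: text/plain");
readfile($TMPSAVETO);
$OUT = ob_get_clean();
echo $OUT;
unlink($TMPSAVETO);
exit;
?>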
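
The file this script builds is a run of raw HTTP responses back to back, so it can be split apart again using each response's Content-Length. The Python code below is an added example, not the author's code: it parses such a dump and tags responses whose body is Apache's generic internal-error text, whose ErrorDocument lookup failed, or whose Server header carries version numbers. The sample dump and all function names are constructed; only the banner string is copied from the output further down this page.

```python
import re

STATUS_LINE = re.compile(rb"HTTP/\d\.\d (\d{3}) ?(.*)")
GENERIC_BODY = "The server encountered an internal error"
ERRDOC_FAILED = "while trying to use an ErrorDocument"


def parse_dump(data):
    """Split back-to-back HTTP responses into a list of dicts.

    Assumes Content-Length framing, as in the output shown on this page;
    a response without Content-Length (for example 304) is taken to have no body.
    """
    responses = []
    pos = 0
    while pos < len(data):
        head_end = data.find(b"\r\n\r\n", pos)
        if head_end == -1:
            raise ValueError("truncated header block at offset %d" % pos)
        lines = data[pos:head_end].split(b"\r\n")
        match = STATUS_LINE.fullmatch(lines[0])
        if match is None:
            raise ValueError("no status line at offset %d" % pos)
        headers = {}
        for raw in lines[1:]:
            name, _, value = raw.partition(b":")
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
        length = int(headers.get("content-length", "0"))
        start = head_end + 4
        if start + length > len(data):
            raise ValueError("body of status %s is truncated" % match.group(1).decode())
        responses.append({
            "status": int(match.group(1)),
            "reason": match.group(2).decode("latin-1"),
            "headers": headers,
            "body": data[start:start + length].decode("latin-1"),
        })
        pos = start + length
    return responses


def findings(resp):
    """Return the tags that apply to one parsed response."""
    notes = []
    if resp["status"] != 500 and GENERIC_BODY in resp["body"]:
        notes.append("generic-error-body")          # no ErrorDocument text for this code
    if ERRDOC_FAILED in resp["body"]:
        notes.append("errordocument-lookup-failed")  # configured ErrorDocument is missing
    if re.search(r"/\d", resp["headers"].get("server", "")):
        notes.append("versioned-server-banner")      # banner names software versions
    return notes


def report(data):
    """Return [(status, tags)] in the order the responses appear in the dump."""
    return [(resp["status"], findings(resp)) for resp in parse_dump(data)]


# Banner as it appears in the captured output on this page.
BANNER = ("Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e "
          "mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2")


def build_response(status, reason, body=b"", banner=BANNER):
    """Build one raw response for the constructed sample dump."""
    head = ["HTTP/1.1 %d %s" % (status, reason), "Server: " + banner]
    if status != 304:
        head.append("Content-Length: %d" % len(body))
    return "\r\n".join(head).encode("latin-1") + b"\r\n\r\n" + body


# Constructed sample: five responses in the shape the script appends to its file.
SAMPLE_DUMP = b"".join([
    build_response(200, "OK", b"<h1>OK</h1>\n<p>The server encountered an internal error or\n"
                              b"misconfiguration and was unable to complete\nyour request.</p>\n"),
    build_response(204, "No Content"),
    build_response(304, "Not Modified"),
    build_response(403, "Forbidden", b"<h1>Forbidden</h1>\n<p>You don't have permission to access /e/403\n"
                                     b"on this server.</p>\n<p>Additionally, a 404 Not Found\nerror was "
                                     b"encountered while trying to use an ErrorDocument to handle the request.</p>\n"),
    # Banner reduced to the product name, as with ServerTokens Prod, for contrast.
    build_response(404, "Not Found", b"<h1>Not Found</h1>\n<p>The requested URL /e/404 was not found "
                                     b"on this server.</p>\n", banner="Apache"),
])

if __name__ == "__main__":
    for status, tags in report(SAMPLE_DUMP):
        print(status, ", ".join(tags) or "-")
```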

57 APACHE HTTP STATUS RESPONSE CODES



Code Message Description
100 Continue
101 Switching Protocols
102 Processing
200 OK
201 Created
202 Accepted
203 Non-Authoritative Information
204 No Content
205 Reset Content
206 Partial Content
207 Multi-Status
300 Multiple Choices
301 Moved Permanently
302 Found
303 See Other
304 Not Modified
305 Use Proxy
306 unused
307 Temporary Redirect
400 Bad Request
401 Authorization Required
402 Payment Required
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable
407 Proxy Authentication Required
408 Request Time-out
409 Conflict
410 Gone
411 Length Required
412 Precondition Failed
413 Request Entity Too Large
414 Request-URI Too Large
415 Unsupported Media Type
416 Requested Range Not Satisfiable
417 Expectation Failed
418 unused
419 unused
420 unused
421 unused
422 Unprocessable Entity
423 Locked
424 Failed Dependency
425 No code
426 Upgrade Required
500 Internal Server Error
501 Method Not Implemented
502 Bad Gateway
503 Service Temporarily Unavailable
504 Gateway Time-out
505 HTTP Version Not Supported
506 Variant Also Negotiates
507 Insufficient Storage
508 unused
509 unused
510 Not Extended

Headers and Content Returned


100 Continue

HTTP/1.1 100 Continue
Date: Sun, 04 Mar 2007 10:01:11 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 517
Content-Type: text/html; charset=iso-8859-1


100 Continue

Continue


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




101 Switching Protocols

HTTP/1.1 101 Switching Protocols
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 539
Content-Type: text/html; charset=iso-8859-1



101 Switching Protocols

Switching Protocols


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




102 Processing

HTTP/1.1 102 Processing
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 521
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug



102 Processing

Processing


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




200 OK

HTTP/1.1 200 OK
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 505
Content-Type: text/html; charset=iso-8859-1



200 OK

OK


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




201 Created

HTTP/1.1 201 Created
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 515
Content-Type: text/html; charset=iso-8859-1



201 Created

Created


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




202 Accepted

HTTP/1.1 202 Accepted
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 517
Content-Type: text/html; charset=iso-8859-1



202 Accepted

Accepted


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




203 Non-Authoritative Information

HTTP/1.1 203 Non-Authoritative Information
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 559
Content-Type: text/html; charset=iso-8859-1



203 Non-Authoritative Information

Non-Authoritative Information


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




204 No Content

HTTP/1.1 204 No Content
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Content-Length: 0
Content-Type: text/plain; charset=UTF-8


205 Reset Content

HTTP/1.1 205 Reset Content
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 527
Content-Type: text/html; charset=iso-8859-1



205 Reset Content

Reset Content


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




206 Partial Content

HTTP/1.1 206 Partial Content
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 531
Content-Type: text/html; charset=iso-8859-1



206 Partial Content

Partial Content


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




207 Multi-Status

HTTP/1.1 207 Multi-Status
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 525
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug



207 Multi-Status

Multi-Status


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




300 Multiple Choices

HTTP/1.1 300 Multiple Choices
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Location: http://www.yourdomain.com/?s=300
Vary: Accept-Encoding
Content-Length: 155
Content-Type: text/html; charset=iso-8859-1



300 Multiple Choices

Multiple Choices




301 Moved Permanently

HTTP/1.1 301 Moved Permanently
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Location: http://www.yourdomain.com/?s=301
Vary: Accept-Encoding
Content-Length: 239
Content-Type: text/html; charset=iso-8859-1



301 Moved Permanently

Moved Permanently


The document has moved here.




302 Found

HTTP/1.1 302 Found
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Location: http://www.yourdomain.com/?s=302
Vary: Accept-Encoding
Content-Length: 215
Content-Type: text/html; charset=iso-8859-1



302 Found

Found


The document has moved here.




303 See Other

HTTP/1.1 303 See Other
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Location: http://www.yourdomain.com/?s=303
Vary: Accept-Encoding
Content-Length: 238
Content-Type: text/html; charset=iso-8859-1



303 See Other

See Other


The answer to your request is located here.




304 Not Modified

HTTP/1.1 304 Not Modified
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2

305 Use Proxy

HTTP/1.1 305 Use Proxy
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Location: http://www.yourdomain.com/?s=305
Vary: Accept-Encoding
Content-Length: 295
Content-Type: text/html; charset=iso-8859-1



305 Use Proxy

Use Proxy


This resource is only accessible through the proxy
http://www.yourdomain.com/?s=305

You will need to configure your client to use that proxy.




306 unused

HTTP/1.1 306 unused
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Location: http://www.yourdomain.com/?s=306
Vary: Accept-Encoding
Content-Length: 513
Content-Type: text/html; charset=iso-8859-1



306 unused

unused


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




307 Temporary Redirect

HTTP/1.1 307 Temporary Redirect
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Location: http://www.yourdomain.com/?s=307
Vary: Accept-Encoding
Content-Length: 241
Content-Type: text/html; charset=iso-8859-1



307 Temporary Redirect

Temporary Redirect


The document has moved here.




400 Bad Request

HTTP/1.1 400 Bad Request
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1



400 Bad Request

Bad Request


Your browser sent a request that this server could not understand.




401 Authorization Required

HTTP/1.1 401 Authorization Required
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 520
Content-Type: text/html; charset=iso-8859-1



401 Authorization Required

Authorization Required


This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.


Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.




402 Payment Required

HTTP/1.1 402 Payment Required
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 533
Content-Type: text/html; charset=iso-8859-1



402 Payment Required

Payment Required


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




403 Forbidden

HTTP/1.1 403 Forbidden
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 326
Content-Type: text/html; charset=iso-8859-1



403 Forbidden

Forbidden


You don't have permission to access /e/403
on this server.


Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.




404 Not Found

HTTP/1.1 404 Not Found
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 203
Content-Type: text/html; charset=iso-8859-1



404 Not Found

Not Found


The requested URL /e/404 was not found on this server.




405 Method Not Allowed

HTTP/1.1 405 Method Not Allowed
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Allow: TRACE
Vary: Accept-Encoding
Content-Length: 226
Content-Type: text/html; charset=iso-8859-1



405 Method Not Allowed

Method Not Allowed


The requested method GET is not allowed for the URL /e/405.




406 Not Acceptable

HTTP/1.1 406 Not Acceptable
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 256
Content-Type: text/html; charset=iso-8859-1



406 Not Acceptable

Not Acceptable


An appropriate representation of the requested resource /e/406 could not be found on this server.




407 Proxy Authentication Required

HTTP/1.1 407 Proxy Authentication Required
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 415
Content-Type: text/html; charset=iso-8859-1



407 Proxy Authentication Required

Proxy Authentication Required


This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.




408 Request Time-out

HTTP/1.1 408 Request Time-out
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 223
Connection: close
Content-Type: text/html; charset=iso-8859-1



408 Request Time-out

Request Time-out


Server timeout waiting for the HTTP request from the client.




409 Conflict

HTTP/1.1 409 Conflict
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 517
Content-Type: text/html; charset=iso-8859-1



409 Conflict

Conflict


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




410 Gone

HTTP/1.1 410 Gone
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 300
Content-Type: text/html; charset=iso-8859-1



410 Gone

Gone


The requested resource
/e/410

is no longer available on this server and there is no forwarding address.
Please remove all references to this resource.




411 Length Required

HTTP/1.1 411 Length Required
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 238
Connection: close
Content-Type: text/html; charset=iso-8859-1



411 Length Required

Length Required


A request of the requested method GET requires a valid Content-length.




412 Precondition Failed

HTTP/1.1 412 Precondition Failed
Date: Sun, 04 Mar 2007 10:01:26 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 239
Content-Type: text/html; charset=iso-8859-1



412 Precondition Failed

Precondition Failed


The precondition on the request for the URL /e/412 evaluated to false.




413 Request Entity Too Large

HTTP/1.1 413 Request Entity Too Large
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 333
Connection: close
Content-Type: text/html; charset=iso-8859-1



413 Request Entity Too Large

Request Entity Too Large


The requested resource
/e/413

does not allow request data with GET requests, or the amount of data provided in
the request exceeds the capacity limit.


414 Request-URI Too Large

HTTP/1.1 414 Request-URI Too Large
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 250
Connection: close
Content-Type: text/html; charset=iso-8859-1



414 Request-URI Too Large

Request-URI Too Large


The requested URL's length exceeds the capacity
limit for this server.




415 Unsupported Media Type

HTTP/1.1 415 Unsupported Media Type
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 263
Content-Type: text/html; charset=iso-8859-1



415 Unsupported Media Type

Unsupported Media Type


The supplied request data is not in a format
acceptable for processing by this resource.




416 Requested Range Not Satisfiable

HTTP/1.1 416 Requested Range Not Satisfiable
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 314
Content-Type: text/html; charset=iso-8859-1

417 Expectation Failed

HTTP/1.1 417 Expectation Failed
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 292
Content-Type: text/html; charset=iso-8859-1



417 Expectation Failed

Expectation Failed


The expectation given in the Expect request-header
field could not be met by this server.


The client sent
Expect:



418 unused

HTTP/1.1 418 unused
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 513
Content-Type: text/html; charset=iso-8859-1



418 unused

unused


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




419 unused

HTTP/1.1 419 unused
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 513
Content-Type: text/html; charset=iso-8859-1



419 unused

unused


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




420 unused

HTTP/1.1 420 unused
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 513
Content-Type: text/html; charset=iso-8859-1



420 unused

unused


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




421 unused

HTTP/1.1 421 unused
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 513
Content-Type: text/html; charset=iso-8859-1



421 unused

unused


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




422 Unprocessable Entity

HTTP/1.1 422 Unprocessable Entity
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 285
Content-Type: text/html; charset=iso-8859-1



422 Unprocessable Entity

Unprocessable Entity


The server understands the media type of the
request entity, but was unable to process the
contained instructions.




423 Locked

HTTP/1.1 423 Locked
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 277
Content-Type: text/html; charset=iso-8859-1



423 Locked

Locked


The requested resource is currently locked.
The lock must be released or proper identification
given before the method can be applied.




424 Failed Dependency

HTTP/1.1 424 Failed Dependency
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 300
Content-Type: text/html; charset=iso-8859-1



424 Failed Dependency

Failed Dependency


The method could not be performed on the resource
because the requested action depended on another
action and that other action failed.




425 No code

HTTP/1.1 425 No code
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 515
Content-Type: text/html; charset=iso-8859-1



425 No code

No code


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




426 Upgrade Required

HTTP/1.1 426 Upgrade Required
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 385
Content-Type: text/html; charset=iso-8859-1



426 Upgrade Required

Upgrade Required


The requested resource can only be retrieved
using SSL. The server is willing to upgrade the current
connection to SSL, but your client doesn't support it.
Either upgrade your client, or try requesting the page
using https://



500 Internal Server Error

HTTP/1.1 500 Internal Server Error
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 662
Connection: close
Content-Type: text/html; charset=iso-8859-1



500 Internal Server Error

Internal Server Error


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.


Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.




501 Method Not Implemented

HTTP/1.1 501 Method Not Implemented
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Allow: TRACE
Vary: Accept-Encoding
Content-Length: 210
Connection: close
Content-Type: text/html; charset=iso-8859-1



501 Method Not Implemented

Method Not Implemented


GET to /e/501 not supported.




502 Bad Gateway

HTTP/1.1 502 Bad Gateway
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 232
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug



502 Bad Gateway

Bad Gateway


The proxy server received an invalid
response from an upstream server.




503 Service Temporarily Unavailable

HTTP/1.1 503 Service Temporarily Unavailable
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 323
Connection: close
Content-Type: text/html; charset=iso-8859-1



503 Service Temporarily Unavailable

Service Temporarily Unavailable


The server is temporarily unable to service your
request due to maintenance downtime or capacity
problems. Please try again later.




504 Gateway Time-out

HTTP/1.1 504 Gateway Time-out
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 239
Content-Type: text/html; charset=iso-8859-1



504 Gateway Time-out

Gateway Time-out


The proxy server did not receive a timely response
from the upstream server.




505 HTTP Version Not Supported

HTTP/1.1 505 HTTP Version Not Supported
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 553
Content-Type: text/html; charset=iso-8859-1



505 HTTP Version Not Supported

HTTP Version Not Supported


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




506 Variant Also Negotiates

HTTP/1.1 506 Variant Also Negotiates
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 304
Content-Type: text/html; charset=iso-8859-1



506 Variant Also Negotiates

Variant Also Negotiates


A variant for the requested resource
/e/506
is itself a negotiable resource. This indicates a configuration error.




507 Insufficient Storage

HTTP/1.1 507 Insufficient Storage
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 389
Content-Type: text/html; charset=iso-8859-1



507 Insufficient Storage

Insufficient Storage


The method could not be performed on the resource
because the server is unable to store the
representation needed to successfully complete the
request. There is insufficient free space left in
your storage allocation.




508 unused

HTTP/1.1 508 unused
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 513
Content-Type: text/html; charset=iso-8859-1



508 unused

unused


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




509 unused

HTTP/1.1 509 unused
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 513
Content-Type: text/html; charset=iso-8859-1



509 unused

unused


The server encountered an internal error or
misconfiguration and was unable to complete
your request.


Please contact the server administrator,
spam@sitename.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.


More information about this error may be available
in the server error log.




510 Not Extended

HTTP/1.1 510 Not Extended
Date: Sun, 04 Mar 2007 10:01:27 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
Vary: Accept-Encoding
Content-Length: 247
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug



510 Not Extended

Not Extended


A mandatory extension policy in the request is not
accepted by the server for this resource.



Apache Source Code



httpd.h

From httpd.h

/**
* The size of the static array in http_protocol.c for storing
* all of the potential response status-lines (a sparse table).
* A future version should dynamically generate the apr_table_t at startup.
*/
#define RESPONSE_CODES 57
#define HTTP_CONTINUE 100
#define HTTP_SWITCHING_PROTOCOLS 101
#define HTTP_PROCESSING 102
#define HTTP_OK 200
#define HTTP_CREATED 201
#define HTTP_ACCEPTED 202
#define HTTP_NON_AUTHORITATIVE 203
#define HTTP_NO_CONTENT 204
#define HTTP_RESET_CONTENT 205
#define HTTP_PARTIAL_CONTENT 206
#define HTTP_MULTI_STATUS 207
#define HTTP_MULTIPLE_CHOICES 300
#define HTTP_MOVED_PERMANENTLY 301
#define HTTP_MOVED_TEMPORARILY 302
#define HTTP_SEE_OTHER 303
#define HTTP_NOT_MODIFIED 304
#define HTTP_USE_PROXY 305
#define HTTP_TEMPORARY_REDIRECT 307
#define HTTP_BAD_REQUEST 400
#define HTTP_UNAUTHORIZED 401
#define HTTP_PAYMENT_REQUIRED 402
#define HTTP_FORBIDDEN 403
#define HTTP_NOT_FOUND 404
#define HTTP_METHOD_NOT_ALLOWED 405
#define HTTP_NOT_ACCEPTABLE 406
#define HTTP_PROXY_AUTHENTICATION_REQUIRED 407
#define HTTP_REQUEST_TIME_OUT 408
#define HTTP_CONFLICT 409
#define HTTP_GONE 410
#define HTTP_LENGTH_REQUIRED 411
#define HTTP_PRECONDITION_FAILED 412
#define HTTP_REQUEST_ENTITY_TOO_LARGE 413
#define HTTP_REQUEST_URI_TOO_LARGE 414
#define HTTP_UNSUPPORTED_MEDIA_TYPE 415
#define HTTP_RANGE_NOT_SATISFIABLE 416
#define HTTP_EXPECTATION_FAILED 417
#define HTTP_UNPROCESSABLE_ENTITY 422
#define HTTP_LOCKED 423
#define HTTP_FAILED_DEPENDENCY 424
#define HTTP_UPGRADE_REQUIRED 426
#define HTTP_INTERNAL_SERVER_ERROR 500
#define HTTP_NOT_IMPLEMENTED 501
#define HTTP_BAD_GATEWAY 502
#define HTTP_SERVICE_UNAVAILABLE 503
#define HTTP_GATEWAY_TIME_OUT 504
#define HTTP_VERSION_NOT_SUPPORTED 505
#define HTTP_VARIANT_ALSO_VARIES 506
#define HTTP_INSUFFICIENT_STORAGE 507
#define HTTP_NOT_EXTENDED 510

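/** is the status code informational */
#define ap_is_HTTP_INFO(x) (((x) >= 100)&&((x) < 200))
/** is the status code OK ?*/
#define ap_is_HTTP_SUCCESS(x) (((x) >= 200)&&((x) < 300))
/** is the status code a redirect */
#define ap_is_HTTP_REDIRECT(x) (((x) >= 300)&&((x) < 400))
/** is the status code a error (client or server) */
#define ap_is_HTTP_ERROR(x) (((x) >= 400)&&((x) < 600))
/** is the status code a client error */
#define ap_is_HTTP_CLIENT_ERROR(x) (((x) >= 400)&&((x) < 500))
/** is the status code a server error */
#define ap_is_HTTP_SERVER_ERROR(x) (((x) >= 500)&&((x) < 600))
/** is the status code a (potentially) valid response code? */
#define ap_is_HTTP_VALID_RESPONSE(x) (((x) >= 100)&&((x) < 600))

From http_protocol.c

/* New Apache routine to map status codes into array indices
* e.g. 100 -> 0, 101 -> 1, 200 -> 2 ...
* The number of status lines must equal the value of RESPONSE_CODES (httpd.h)
* and must be listed in order.
*/

#ifdef UTS21
/* The second const triggers an assembler bug on UTS 2.1. */
static const char * status_lines[RESPONSE_CODES] =
#else
static const char * const status_lines[RESPONSE_CODES] =
#endif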
{
"100 Continue",
"101 Switching Protocols",
"102 Processing",
#define LEVEL_200 3
"200 OK",
"201 Created",
"202 Accepted",
"203 Non-Authoritative Information",
"204 No Content",
"205 Reset Content",
"206 Partial Content",
"207 Multi-Status",
#define LEVEL_300 11
"300 Multiple Choices",
"301 Moved Permanently",
"302 Found",
"303 See Other",
"304 Not Modified",
"305 Use Proxy",
"306 unused",
"307 Temporary Redirect",
#define LEVEL_400 19
"400 Bad Request",
"401 Authorization Required",
"402 Payment Required",
"403 Forbidden",
"404 Not Found",
"405 Method Not Allowed",
"406 Not Acceptable",
"407 Proxy Authentication Required",
"408 Request Time-out",
"409 Conflict",
"410 Gone",
"411 Length Required",
"412 Precondition Failed",
"413 Request Entity Too Large",
"414 Request-URI Too Large",
"415 Unsupported Media Type",
"416 Requested Range Not Satisfiable",
"417 Expectation Failed",
"418 unused",
"419 unused",
"420 unused",
"421 unused",
"422 Unprocessable Entity",
"423 Locked",
"424 Failed Dependency",
/* This is a hack, but it is required for ap_index_of_response
* to work with 426.
*/
"425 No code",
"426 Upgrade Required",
#define LEVEL_500 46
"500 Internal Server Error",
"501 Method Not Implemented",
"502 Bad Gateway",
"503 Service Temporarily Unavailable",
"504 Gateway Time-out",
"505 HTTP Version Not Supported",
"506 Variant Also Negotiates",
"507 Insufficient Storage",
"508 unused",
"509 unused",
"510 Not Extended"
};
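The sparse-table lookup that the comments in the listing describe (100 -> 0, 101 -> 1, 200 -> 2 ...), as an added example that is not Apache's own code: `status_index` is a hypothetical helper that reuses the `RESPONSE_CODES` and `LEVEL_*` values from the listing and clamps any code that falls outside the table to the 500 slot. It also shows why filler entries such as "425 No code" are needed to keep 426 at the right offset.

```c
#include <stdio.h>

/* Table size and class offsets copied from the listing above. */
#define RESPONSE_CODES 57
#define LEVEL_200 3
#define LEVEL_300 11
#define LEVEL_400 19
#define LEVEL_500 46

/* Hypothetical helper (not Apache's function): map a status code to its
 * slot in the sparse status_lines table, falling back to the "500" slot. */
static int status_index(int status)
{
    /* First slot of each class, plus the table size as an end marker. */
    static const int level[6] = { 0, LEVEL_200, LEVEL_300, LEVEL_400,
                                  LEVEL_500, RESPONSE_CODES };
    int cls, pos;

    if (status < 100 || status >= 600)
        return LEVEL_500;            /* not an HTTP status code at all */

    cls = status / 100 - 1;          /* 1xx -> 0, 2xx -> 1, ... 5xx -> 4 */
    pos = level[cls] + status % 100; /* offset inside that class */

    /* A code past the last entry of its class would land in the next
     * class's slots (or past the array), so clamp it to "500". */
    return (pos < level[cls + 1]) ? pos : LEVEL_500;
}

int main(void)
{
    /* Constructed sample codes: listed, filler, and out-of-table values. */
    static const int samples[] = { 100, 207, 208, 307, 418, 425, 426,
                                   427, 510, 511, 99, 600 };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d -> slot %d\n", samples[i], status_index(samples[i]));
    return 0;
}
```

Without the bounds check, a code such as 208 would index the "300 Multiple Choices" slot and 511 would read one element past the end of the array.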

Wednesday, April 18, 2007

CPC, CPA, or CPM: The Publisher's View

It's increasingly important that we, as PPC search marketers, understand the publisher's view of the media ecosystem's changes. With more contextual and behavioral advertising opportunities released almost monthly, publishers and marketers are faced with rising complexity and more choices than ever before.

Within Google alone, ads can be targeted contextually across a full network or with site targeting, as well as in pure search. And now these ads can also be bid on at a CPM, CPC, or CPA basis.

Publishers have one asset they use to earn revenue: their readers/viewers. The trick is to maximize revenue, both short and long term. The reason I distinguish short and long term is because some ad opportunities that garner significant short-term revenue may also turn off visitors. Pop-ups, pop-unders, excessive ad clutter, or use of too many interstitial ads can lead to user abandonment.

As an advertiser, you may think it doesn't matter what publishers think or do. You can only control what you're willing to pay, what ads you run, and whether you buy ad space on a CPM, CPC, or CPA basis. But by putting yourself into the publisher's mindset, search marketers buying contextual inventory can improve not only their ROI but also the publisher's.

Publisher-Centric Considerations

* Ad diversity. It's easy to keep campaigns limited to text link ads, even as you expand testing into contextual targeting. After all, you already went through the trouble of writing the creative, putting ads into ad groups, and even testing multiple text ads against one another to determine which generated a higher Quality Score while retaining good conversion. However, publishers may set up their accounts to allow for image ads in addition to text ads because image ads fit better into their content. Google also allows click-to-play video ads. If you have available video assets, it may be worth experimenting with them, as they tend to get rotated into the mix at fairly good sites, such as LinkedIn.

* Freshness imperative. Even if you or your ad network hasn't set frequency caps that let you specify how many ad impressions an individual will see, publishers with large numbers of page views like fresh ads. This is similar to ad diversity but plays more to keeping site pages looking fresh, even when the advertiser is the same. On a major site, I recently saw the same Expedia ad over 20 times. Clearly, no one was keeping an eye on freshness.

* Ad stickiness. If you've selected a CPC or CPA billing method, the publisher and the network will favor the stickier ads. Therefore, your message must be clear and compelling. Unlike search ads, contextual ads often aren't perfectly matched to content. Even if they are, the reader isn't necessarily interested in that specific topic in the same way a searcher would be. The best contextual ads may be very different from the best search ads.

* Risk aversion. Though a CPA ad payout may be very high, publishers know there are risks associated with this ad type. Lost cookies, tracking problems, multiple computers, even competing CPA publishers all reduce the amount of money publishers might receive, even when that money is rightfully theirs. For this reason, publishers may take a lower effective CPM in a CPC- or CPM-billed ad just to mitigate the risks of a CPA deal not paying out as expected.

* The capitalist publisher. Even some medium-sized publishers will sell you ads directly at similar or lower rates than what you may pay through the network. One reason for this is the network's cut may be 20 to 30 percent. Another is publishers like direct relationships and may allocate better inventory to direct buyers. If you buy direct, make sure you use an ad server that's likely to reconcile well against the publisher's, regardless of whether the deal is CPM or CPC.

* The Darwinist publisher. Publishers see ad networks as a survival-of-the-fittest struggle. Publisher and broadcaster (in the case of video or podcast content) loyalties are to themselves, as they should be. Therefore, publishers always negotiate for the highest revenue share and look for networks that can deliver a higher effective CPM (ECPM). They regularly test the mix of third-party placements.

As a search advertiser whose placements are evolving into other media, you must understand the publisher perspective. It gives you the ammunition to insist your team invest in the development of more comprehensive, effective campaigns. The more effective your campaign, the more likely a publisher or network is to run it on a performance basis, either CPC or even CPA.