511 Network Authentication Required - Server Error Response Status Code

Official Definition

The 511 status code is designed to mitigate problems caused by "captive portals" to software (especially non-browser agents) that is expecting a response from the server that a request was made to, not the intervening network infrastructure. It is not intended to encourage deployment of captive portals -- only to limit the damage caused by them.

A network operator wishing to require some authentication, acceptance of terms, or other user interaction before granting access usually does so by identifying clients who have not done so ("unknown clients") using their Media Access Control (MAC) addresses.

Unknown clients then have all traffic blocked, except for that on TCP port 80, which is sent to an HTTP server (the "login server") dedicated to "logging in" unknown clients, and of course traffic to the login server itself.

For example, a user agent might connect to a network and make the following HTTP request on TCP port 80:

GET /index.htm HTTP/1.1 Host: www.example.com

Upon receiving such a request, the login server would generate a 511 response:

HTTP/1.1 511 Network Authentication Required Content-Type: text/html

<html>
  <head>
    <title>Network Authentication Required</title>
    <meta http-equiv="refresh"
    content="0; url=https://login.example.net/">
  </head>
  <body>
    <p>You need to <a href="https://login.example.net/">
    authenticate with the local network</a> in order to gain
    access.</p>
  </body>
</html>

Here, the 511 status code assures that non-browser clients will not interpret the response as being from the origin server, and the META HTML element redirects the user agent to the login server.