View Full Version : 200 response

02-24-2007, 01:24 PM
I am trying to verify my site against a site security advisor and am getting the following message:

It appears that [my website here] is returning an HTTP 200 status response code in the header of 404 pages.
We cannot verify a Web site that is configured this way because it allows anyone to verify themselves as the owner of your site. Please update your Web site server configuration to return 404 status codes in the headers for pages that do not exist. Once your site is configured this way then you can return and request a file name verification.
Can anyone advise how to correct this?


02-25-2007, 12:13 PM
It looks like Apache is finding a page to return, instead of sending back an error. As to why that is happening it's hard to say without any further information.

One possibility, if this is a dynamic website, is that you have some PHP or mod_rewrite finding a default page in the case where an error would normally be found. I know Xaraya does that and possibly other systems do as well.


02-26-2007, 06:48 AM
If you want to find out what is happening, then you can try this yourself as detailed at http://www.apacheweek.com/features/http11

All you need to do is type
telnet yourdomain.com 80
Connected to yourdomain.com.
HEAD /nonexistantfile HTTP/1.0
and then press the return key twice.