When you try to access content on a server that is running Internet Information Services (IIS) 7.0 by using HTTP, IIS 7.0 returns a numeric code that indicates the status of the response. The HTTP status code is recorded in the IIS log. Additionally, the HTTP status code may be displayed in the client browser.
The HTTP status code may indicate whether a request is successful or unsuccessful. The HTTP status code may also reveal the exact reason that a request is unsuccessful.
Log file locations
By default, IIS 7.0 puts log files in the following folder:
This folder contains separate directories for each World Wide Web site. By default, the log files are created in the directories daily, and the log files are named by using the date. For example, a log file may be named as follows:
The HTTP status codes
This section describes the HTTP status codes that IIS 7.0 uses.
Note: This Microsoft Knowledge Base entry (kb943891) does not list every possible HTTP status code as dictated in the HTTP specification. This article includes only the HTTP status codes that IIS 7.0 can send. For example, a custom Internet Server API (ISAPI) filter or a custom HTTP module can set its own HTTP status code.
1xx – Informational
These HTTP status codes indicate a provisional response. The client computer receives one or more 1xxresponses before the client computer receives a regular response.
IIS 7.0 uses the following informational HTTP status codes:
• 100 – Continue.
• 101 – Switching protocols.
2xx – Success
These HTTP status codes indicate that the server successfully accepted the request.
IIS 7.0 uses the following success HTTP status codes:
• 200 – OK. The client request has succeeded.
• 201 – Created.
• 202 – Accepted.
• 203 – Nonauthoritative information.
• 204 – No content.
• 205 – Reset content.
• 206 – Partial content.
3xx – Redirection
These HTTP status codes indicate that the client browser must take more action to fulfill the request. For example, the client browser may have to request a different page on the server. Or, the client browser may have to repeat the request by using a proxy server.
IIS 7.0 uses the following redirection HTTP status codes:
• 301 – Moved permanently.
• 302 – Object moved.
• 304 – Not modified.
• 307 – Temporary redirect.
4xx – Client error
These HTTP status codes indicate that an error occurred and that the client browser appears to be at fault. For example, the client browser may have requested a page that does not exist. Or, the client browser may not have provided valid authentication information.
IIS 7.0 uses the following client error HTTP status codes:
• 400 – Bad request. The request could not be understood by the server due to malformed syntax. The client should not repeat the request without modifications.
IIS 7.0 defines the following HTTP status codes that indicate a more specific cause of a 400 error:
o 400.1 – Invalid Destination Header.
o 400.2 – Invalid Depth Header.
o 400.3 – Invalid If Header.
o 400.4 – Invalid Overwrite Header.
o 400.5 – Invalid Translate Header.
o 400.6 – Invalid Request Body.
o 400.7 – Invalid Content Length.
o 400.8 – Invalid Timeout.
o 400.9 – Invalid Lock Token.
• 401 – Access denied.
IIS 7.0 defines several HTTP status codes that indicate a more specific cause of a 401 error. The following specific HTTP status codes are displayed in the client browser but are not displayed in the IIS log:
o 401.1 – Logon failed.
o 401.2 – Logon failed due to server configuration.
o 401.3 – Unauthorized due to ACL on resource.
o 401.4 – Authorization failed by filter.
o 401.5 – Authorization failed by ISAPI/CGI application.
• 403 – Forbidden.
IIS 7.0 defines the following HTTP status codes that indicate a more specific cause of a 403 error:
o 403.1 – Execute access forbidden.
o 403.2 – Read access forbidden.
o 403.3 – Write access forbidden.
o 403.4 – SSL required.
o 403.5 – SSL 128 required.
o 403.6 – IP address rejected.
o 403.7 – Client certificate required.
o 403.8 – Site access denied.
o 403.9 – Forbidden: Too many clients are trying to connect to the Web server.
o 403.10 – Forbidden: Web server is configured to deny Execute access.
o 403.11 – Forbidden: Password has been changed.
o 403.12 – Mapper denied access.
o 403.13 – Client certificate revoked.
o 403.14 – Directory listing denied.
o 403.15 – Forbidden: Client access licenses have exceeded limits on the Web server.
o 403.16 – Client certificate is untrusted or invalid.
o 403.17 – Client certificate has expired or is not yet valid.
o 403.18 – Cannot execute requested URL in the current application pool.
o 403.19 – Cannot execute CGI applications for the client in this application pool.
o 403.20 – Forbidden: Passport logon failed.
o 403.21 – Forbidden: Source access denied.
o 403.22 – Forbidden: Infinite depth is denied.
o 403.502 – Forbidden: Too many requests from the same client IP; Dynamic IP Restriction limit reached.
• 404 – Not found.
IIS 7.0 defines the following HTTP status codes that indicate a more specific cause of a 404 error:
o 404.0 – Not found.
o 404.1 – Site Not Found.
o 404.2 – ISAPI or CGI restriction.
o 404.3 – MIME type restriction.
o 404.4 – No handler configured.
o 404.5 – Denied by request filtering configuration.
o 404.6 – Verb denied.
o 404.7 – File extension denied.
o 404.8 – Hidden namespace.
o 404.9 – File attribute hidden.
o 404.10 – Request header too long.
o 404.11 – Request contains double escape sequence.
o 404.12 – Request contains high-bit characters.
o 404.13 – Content length too large.
o 404.14 – Request URL too long.
o 404.15 – Query string too long.
o 404.16 – DAV request sent to the static file handler.
o 404.17 – Dynamic content mapped to the static file handler via a wildcard MIME mapping.
o 404.18 – Querystring sequence denied.
o 404.19 – Denied by filtering rule.
o 404.20 – Too Many URL Segments
• 405 – Method Not Allowed.
• 406 – Client browser does not accept the MIME type of the requested page.
• 408 – Request timed out.
• 412 – Precondition failed.
5xx – Server error
These HTTP status codes indicate that the server cannot complete the request because the server encounters an error.
IIS 7.0 uses the following server error HTTP status codes:
• 500 – Internal server error.
IIS 7.0 defines the following HTTP status codes that indicate a more specific cause of a 500 error:
o 500.0 – Module or ISAPI error occurred.
o 500.11 – Application is shutting down on the Web server.
o 500.12 – Application is busy restarting on the Web server.
o 500.13 – Web server is too busy.
o 500.15 – Direct requests for Global.asax are not allowed.
o 500.19 – Configuration data is invalid.
o 500.21 – Module not recognized.
o 500.22 – An ASP.NET httpModules configuration does not apply in Managed Pipeline mode.
o 500.23 – An ASP.NET httpHandlers configuration does not apply in Managed Pipeline mode.
o 500.24 – An ASP.NET impersonation configuration does not apply in Managed Pipeline mode.
o 500.50 – A rewrite error occurred during RQ_BEGIN_REQUEST notification handling. A configuration or inbound rule execution error occurred.
Note Here is where the distributed rules configuration is read for both inbound and outbound rules.
o 500.51 – A rewrite error occurred during GL_PRE_BEGIN_REQUEST notification handling. A global configuration or global rule execution error occurred.
Note Here is where the global rules configuration is read.
o 500.52 – A rewrite error occurred during RQ_SEND_RESPONSE notification handling. An outbound rule execution occurred.
o 500.53 – A rewrite error occurred during RQ_RELEASE_REQUEST_STATE notification handling. An outbound rule execution error occurred. The rule is configured to be executed before the output user cache gets updated.
o 500.100 – Internal ASP error.
• 501 – Header values specify a configuration that is not implemented.
• 502 – Web server received an invalid response while acting as a gateway or proxy.
IIS 7.0 defines the following HTTP status codes that indicate a more specific cause of a 502 error:
o 502.1 – CGI application timeout.
o 502.2 – Bad gateway.
• 503 – Service unavailable.
IIS 7.0 defines the following HTTP status codes that indicate a more specific cause of a 503 error:
o 503.0 – Application pool unavailable.
o 503.2 – Concurrent request limit exceeded.