HTTP Status Code (999 Request Denied)
The official HTTP status codes are:
- 1xx Informational
- 2xx Success
- 3xx Redirection
- 4xx Client errors
- 5xx Server errorsI came across this strange HTTP status code (999 Request Denied) while I was doing a Web Pentest.
999 Request Denied is an unofficial HTTP status code that is returned by the server for catching all error code. (similar to try & catch in JavaScript). You can configure different response message based on the host or service.
This HTTP status code is often used by social media sites to prevent web crawlers or restrict them. The server doesn’t always return the 999 status code and it does that for a limited time depending on the user agent or the source IP address. LinkedIn returns this status code.
When you visit this URL: https://www.linkedin.com/in/shaban00/ in the browser, you will be redirected to the LinkedIn profile page of Shaban Mohammedsaani Hassan if you are already logged in. But if you are not logged in, you will be redirected to LinkedIn’s login page. After successful login, you will be redirected to the profile page.
However, when you use a tool like curl
Example
curl -I --url http://www.linkedin.com/in/shaban00Response
HTTP/1.1 999 Request denied
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 1530
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: trkCode=bf; Max-Age=5
Set-Cookie: trkInfo=AQF7IgSimwOkgAAAAYr0qDFQ4eWkNZlc38DyaeqhollQJjzpfbkap2GJExiejKBEftGEubbAyUL06wJMVnqd55kpyoSwKFwGSz3UhmnC5ZQ-OZ0TDwJDTJv4n57yb86e2Esz7d8=; Max-Age=5
Set-Cookie: rtc=AQF-VNXn9pizeAAAAYr0qDFQmL7OK1wYsBrxS68AohlwSFKz3V_XMMTg-4wLxkibRJadQjBiS8Q7_9Yroq-oWyVpCb4tFp0ucNgdhNEDK2ycl0YwpFF09dh1PtiSUAuR1K2eqFSBmHjrR41rvrw_HO0EXZamZhhuyFYpJEJOXlf9q76iruUCaxyNFksfNLka5QVf40m55QXmc5tGvWWomZuuyHc=; Max-Age=120; path=/; domain=.linkedin.com
X-Li-Fabric: prod-ltx1
X-Li-Pop: afd-prod-ltx1-x
X-Li-Proto: http/1.1
X-LI-UUID: AAYGy7EBt9PGms4njBpW5w==
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 33F1A6DD008D4CBD978F57DDD0248169 Ref B: PAOEDGE0516 Ref C: 2023-10-03T08:29:38Z
Date: Tue, 03 Oct 2023 08:29:37 GMTNOTE
The 999 Request Denied status code is a generic error message that has different meaning depending on the server.
