Sunday, January 22nd, 2012...11:14

Blacking Out Your Website


On January 18, 2012 a number of websites “went dark” to protest the United States House of Representatives Stop Online Piracy Act and Senate Protect IP Act, more commonly known as SOPA and PIPA. As with many things, there are many ways to go about “blacking out” one’s website.

Wikipedia used JavaScript and CSS to overlay their message on every page, so users saw the content of the page for a second or so before it was completely obscured. BoingBoing returned an HTTP 503 “service unavailable” for every URL on their domain. Mozilla returned a 503 for their main URL. Imgur and Craigslist simply changed the content on their main pages and continued to return HTTP 200s. reddit redirected every URL on their domain to their protest message via an HTTP 302 “temporary redirect”. So which, if any, of these is “correct”?

In this case, the HTTP 503 is the best option because it conveys two important bits of information:

  1. The server is unable to handle the request
  2. The situation is temporary
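As a concrete sketch (not any of these sites’ actual code), a BoingBoing-style blackout that answers every URL with a 503 might look like this in Python, using only the standard library. The protest message, port, and 24-hour Retry-After value are made up for illustration:

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Hypothetical protest page body.
PROTEST_HTML = b"<h1>This site is dark today to protest SOPA and PIPA.</h1>"

class BlackoutHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # 503 tells clients the server can't handle the request right now,
        # and that the condition is temporary.
        self.send_response(503, "Service Unavailable")
        # Retry-After hints when the blackout ends (here: 24 hours).
        self.send_header("Retry-After", "86400")
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(PROTEST_HTML)))
        self.end_headers()
        # The human-readable protest message still goes in the body.
        self.wfile.write(PROTEST_HTML)

def run_blackout(port: int = 8000) -> None:
    """Serve the blackout on every path of this host."""
    HTTPServer(("", port), BlackoutHandler).serve_forever()
```

Note the status code and the body are independent: visitors still see the protest message, but the 503 on the wire tells machines not to take it as the page’s real content.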

The HTTP 302 is dangerous because it conveys two bits of information, one of which is correct and the other of which is a lie:

  1. The requested resource was found, but under a different URI
  2. The situation is temporary
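For contrast, here is a sketch of the reddit-style approach: every URL 302s to a single protest page. Again this is illustrative, not reddit’s actual setup; the `/protest` path is invented:

```python
from http.server import BaseHTTPRequestHandler

# Hypothetical protest page body.
PROTEST_HTML = b"<h1>This site is dark today to protest SOPA and PIPA.</h1>"

class RedirectBlackoutHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path == "/protest":
            # The protest page itself answers 200, claiming to be
            # perfectly valid content for this URI.
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
            self.send_header("Content-Length", str(len(PROTEST_HTML)))
            self.end_headers()
            self.wfile.write(PROTEST_HTML)
        else:
            # Every other URL claims "found elsewhere, temporarily" --
            # the half-truth described above.
            self.send_response(302, "Found")
            self.send_header("Location", "/protest")
            self.send_header("Content-Length", "0")
            self.end_headers()
```

The trouble is invisible here: nothing in the 302 or the 200 tells a client that the content it received is not the resource’s normal state.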

The difference likely doesn’t matter much to a person using a web browser. In the worst case the browser might cache the 302 response, so if the redirect target later changes on the server and the user re-requests the URI, the stale cached redirect might be followed. At that point, if the user notices the page isn’t valid, e.g. seeing a January 18th SOPA protest page on January 19th, it’s easy enough to reload the page and retrieve the new redirect target.

However, web crawlers like Googlebot, DuckDuckGo Bot, etc. store the contents of a page for consideration in their respective search indexes and may not visit a given URI very often. So if one’s site issued a 302, or a 200 with alternative content, at the moment a crawler visited the URI, the page could become virtually inaccessible via search: the bot would treat the temporary content it fetched as valid and not come back until its next scheduled visit. In contrast, returning a 503 will likely cause the bot to break out of its normal scheduling cycle for that URL and retry it sooner rather than later.

So next time you decide to stage a blackout, remember there are clients other than humans with web browsers accessing your site!
