
We return 418 on our site in case an admin tries to access the admin panel without a required VPN. It actually clicked pretty fast with everybody on the team, especially those less tech-savvy. They know the "teapot issue" means they forgot to turn on the VPN. It's less confusing than 401/403 :)



I did the same for a popular tech company many years ago. If you attempted admin-only actions you got a "402 Payment Required".


Why not instead, or in addition, reply with an actionable message in the body?


The misinformation that 418 brings may be quite helpful if an unauthorized person temporarily gets hold of your device and tries to access that admin panel.


How is that? Enabling a VPN should still require some knowledge, so why would it help if an unauthorised person accessed your device?


Some setups are dead simple and require just 1 or 2 clicks to enable a VPN that was registered before, e.g. Tunnelblick on macOS. The potential hacker who was explicitly told he has to enable a VPN may look for such an app on the compromised computer.



