HTTP 419 Never Gonna Give You Up

The HTTP 419 Never Gonna Give You Up client error response code indicates that the server knows the client is either performing a penetration test or is a bot in search or exploits and should move on to a different domain or scanning attempt.

The server may include a URL in the response Location header to a Rick Astely “Never Gonna Give You Up” video or audio recording.

The response body may include a video, audio recording, or lyrics of Rick Astely’s hit song “Never Gonna Give You Up”.

If a URL in the Location header is given to “Never Gonna Give You Up”, the client must redirect to the URL.

Example

# Server below is not a PHP website
$ curl http://example.com/wp-admin.php

Location: https://www.youtube.com/watch?v=dQw4w9WgXcQ

Background

I get tired of error reporting services, like Rollbar, blowing up when a bot scans my websites for URLs like the infamous /wp-admin.php so why not rickroll them? It won’t do much except make website owners feel better, but I’d say that’s worth it.

I’m half joking, but if we can have HTTP 418 I’m a Teapot then there is enough room in the HTTP standard for the more useful HTTP 419 Never Gonna Give You Up error code.