This site provides the following access keys:

Brandan Lennox's

HTTP 409 for Fun and Profit

Here’s something interesting I recently discovered. HTTP/1.1 defines a 409 status code indicating a conflict that the client is expected to resolve:

The request could not be completed due to a conflict with the current state of the resource. This code is only allowed in situations where it is expected that the user might be able to resolve the conflict and resubmit the request. The response body SHOULD include enough information for the user to recognize the source of the conflict. Ideally, the response entity would include enough information for the user or user agent to fix the problem; however, that might not be possible and is not required.

By interpreting that only a bit leniently, I’ve decided to start blocking Internet Explorer 6 on my personal projects. In essence, your shitty browser is in conflict with my impeccable code, and I expect you to resolve this conflict. KTHX!

How Do I Break This to You…?

Here’s the error page I render on the Dekaplan site (which is a bit of a joke in itself anyway):

Example of an HTTP 409 error page“Internet Explorer does not work with this site.”

(I’m using Safari with a spoofed user agent string in this screenshot.)

Carefully worded so as to place the blame squarely on IE, the page also suggests a fix: download a better browser. I purposely don’t suggest upgrading IE, since that’s hardly an improvement.

It’s pretty simple to implement. In Rails, it’s a before_filter in ApplicationController:

class ApplicationController < ActionController::Base
  before_filter :block_ie
    def block_ie
      if request.headers['HTTP_USER_AGENT'] =~ /MSIE 6/
        render :template => 'errors/409.html.haml', :layout => 'error', :status => 409
        return false

PHP could do something similar in a globally included script.

Too Far?

Is this going to piss people off? Yeah. I’ve already confirmed that. Several friends couldn’t access the Dekaplan site from work. They either stealth-installed Firefox or waited until they got home to look at the site.

There’s really no way to the content without spoofing your user agent string, and if you know how to do that, you probably aren’t using IE6 anyway. So IE6 users are pretty much completely blocked out. But:

  1. None of my sites get any traffic from any browser anyway.
  2. It’s time to start pissing people off if we want them to move away from IE6.

Gentle prodding hasn’t proven very effective. IE6 still commands 20% of the browser market, with IE8 just behind it and IE7 still holding onto 15% almost a year after the release of its successor. Yes, it’s bull-headed to block content from your visitors, but it’s just as silly to hang on to a decade-old browser. Somebody has to give, and I’ve decided it’s not going to be me anymore.