HTTP
511 - Network Authentication Required
Hitting a 511 Network Authentication Required means you need to authenticate with the network before accessing the internet—captive portals in hotels, airports, or public Wi-Fi require login or terms acceptance. This client-side error (4xx) happens when network infrastructure intercepts requests to force authentication. Most common when connecting to public Wi-Fi that requires login, but also appears when corporate networks require authentication, terms of service must be accepted, or network access control (NAC) systems block unauthenticated devices.
#Common Causes
- →Frontend: Browser automatically detects captive portal and shows login page. User hasn't completed network authentication. Terms of service not accepted. Network requires payment or registration.
- →Backend: Captive portal system intercepts requests. Network access control (NAC) requires authentication. Corporate network requires device registration. Guest network requires login.
- →Infrastructure: Router/gateway redirects to captive portal. Network firewall blocks unauthenticated traffic. Wi-Fi access point requires authentication. Network management system enforces authentication.
✓Solutions
- 1Step 1: Diagnose - Browser shows captive portal login page automatically. Check if URL redirects to authentication page. Look for "Network Authentication Required" message. Check network connection status.
- 2Step 2: Diagnose - Network logs show authentication status. Check captive portal configuration. Review network access control rules. Verify device registration status.
- 3Step 3: Fix - Client-side: Complete captive portal login. Accept terms of service if prompted. Register device on network if required. Pay for network access if needed. Wait for authentication to complete.
- 4Step 4: Fix - Server-side: Return 511 with Location header pointing to login page. Provide clear authentication instructions. Support automatic portal detection. Implement proper redirect handling.
- 5Step 5: Fix - Infrastructure: Configure captive portal properly. Set up network access control rules. Ensure authentication redirects work. Configure DNS for portal detection.
</>Code Examples
Fetch API: Handle Captive Portal
1// Client-side: Detect and handle 511 network authentication
2async function fetchWithNetworkAuth(url, options = {}) {
3 try {
4 const response = await fetch(url, options);
5
6 if (response.status === 511) {
7 // Network authentication required
8 const authUrl = response.headers.get('Location') ||
9 response.headers.get('X-Authentication-URL') ||
10 '/network-auth';
11
12 // Redirect to authentication page
13 if (typeof window !== 'undefined') {
14 window.location.href = authUrl;
15 }
16
17 throw new Error('Network authentication required');
18 }
19
20 return response;
21 } catch (error) {
22 if (error.message.includes('Network authentication')) {
23 console.warn('Network authentication required - redirecting to login');
24 }
25 throw error;
26 }
27}
28
29// Detect captive portal automatically
30async function detectCaptivePortal() {
31 try {
32 // Try to fetch a known endpoint
33 const response = await fetch('/api/health', {
34 method: 'GET',
35 cache: 'no-store',
36 });
37
38 if (response.status === 511) {
39 return {
40 requiresAuth: true,
41 authUrl: response.headers.get('Location') || '/network-auth',
42 };
43 }
44
45 // Check if response was redirected to login page
46 if (response.redirected && response.url.includes('login')) {
47 return {
48 requiresAuth: true,
49 authUrl: response.url,
50 };
51 }
52
53 return { requiresAuth: false };
54 } catch (error) {
55 // Network error might indicate captive portal
56 return { requiresAuth: true, authUrl: '/network-auth' };
57 }
58}
59
60// Usage
61detectCaptivePortal().then(({ requiresAuth, authUrl }) => {
62 if (requiresAuth) {
63 showNetworkAuthDialog(authUrl);
64 }
65 });Express.js: Captive Portal Implementation
1// Server-side: Implement captive portal with 511
2const express = require('express');
3const app = express();
4
5// Middleware to check network authentication
6const requireNetworkAuth = (req, res, next) => {
7 // Check if user is authenticated on network
8 const networkAuthToken = req.cookies.network_auth_token;
9 const isAuthenticated = checkNetworkAuth(networkAuthToken);
10
11 if (!isAuthenticated) {
12 // Return 511 with authentication URL
13 const authUrl = `${req.protocol}://${req.get('host')}/network-auth?redirect=${encodeURIComponent(req.originalUrl)}`;
14
15 return res.status(511)
16 .set('Location', authUrl)
17 .set('X-Authentication-URL', authUrl)
18 .json({
19 error: 'Network Authentication Required',
20 message: 'You must authenticate with the network to access this resource',
21 authenticationUrl: authUrl,
22 });
23 }
24
25 next();
26};
27
28// Network authentication endpoint
29app.get('/network-auth', (req, res) => {
30 const redirectUrl = req.query.redirect || '/';
31 res.send(`
32 <!DOCTYPE html>
33 <html>
34 <head>
35 <title>Network Authentication Required</title>
36 </head>
37 <body>
38 <h1>Network Authentication</h1>
39 <p>Please authenticate to access the network.</p>
40 <form action="/network-auth" method="POST">
41 <input type="text" name="username" placeholder="Username" required>
42 <input type="password" name="password" placeholder="Password" required>
43 <button type="submit">Authenticate</button>
44 </form>
45 <input type="hidden" name="redirect" value="${redirectUrl}">
46 </body>
47 </html>
48 `);
49});
50
51// Handle authentication
52app.post('/network-auth', (req, res) => {
53 const { username, password, redirect } = req.body;
54
55 // Validate credentials (simplified example)
56 if (validateNetworkCredentials(username, password)) {
57 // Set authentication token
58 const token = generateNetworkAuthToken(username);
59 res.cookie('network_auth_token', token, {
60 httpOnly: true,
61 secure: true,
62 maxAge: 24 * 60 * 60 * 1000, // 24 hours
63 });
64
65 // Redirect to original URL
66 res.redirect(redirect || '/');
67 } else {
68 res.status(401).send('Invalid credentials');
69 }
70});
71
72// Protected routes require network authentication
73app.use('/api', requireNetworkAuth);
74
75// Health check (bypasses authentication)
76app.get('/health', (req, res) => {
77 res.json({ status: 'ok' });
78});Nginx: Captive Portal Configuration
1# Nginx: Configure captive portal with 511 redirects
2server {
3 listen 80;
4 server_name _; # Catch-all for captive portal
5
6 # Default location - redirect to authentication
7 location / {
8 # Check if user is authenticated (via cookie or IP)
9 if ($cookie_network_auth != "authenticated") {
10 return 511 '{"error":"Network Authentication Required","authenticationUrl":"/network-auth"}';
11 add_header Location /network-auth always;
12 add_header Content-Type application/json always;
13 }
14
15 proxy_pass http://backend;
16 }
17
18 # Authentication page
19 location /network-auth {
20 root /var/www/captive-portal;
21 try_files $uri /network-auth.html;
22 }
23
24 # Allow access to authentication endpoints
25 location ~ ^/(network-auth|login|terms) {
26 proxy_pass http://backend;
27 }
28
29 # Health check (bypasses authentication)
30 location /health {
31 proxy_pass http://backend/health;
32 access_log off;
33 }
34}
35
36# Alternative: Use external authentication service
37# location / {
38# auth_request /auth;
39# auth_request_set $auth_status $upstream_status;
40#
41# if ($auth_status = 401) {
42# return 511 '{"error":"Network Authentication Required"}';
43# }
44#
45# proxy_pass http://backend;
46# }↗Related Errors
Provider Information
This error code is specific to HTTP services. For more information, refer to the official HTTP documentation.