Print this page

Why does the URL return my site's login page (401 Unauthorized error ) rather than a 404 Not Found error?

Knowledge Article Number 000233439
Description If a page does not exist on a site, the expectation would be that 404 Not Found HTTP Status Code is returned.

For example, try the following in the browser:

This returns a page showing the following:
404. That’s an error.
The requested URL /does-not-exist was not found on this server.

However when the URL contains unsupported characters like the hyphen that are not supported in a Visualforce page name, the 401 Unauthorized HTTP Status Code is returned instead. 

This is behavior related to Site Guest Users and Portal users that has existed in Salesforce for a number of releases and will not be changed.  Otherwise for an authenticated user to a site, a handled exception is actually thrown with the following message and sent to the Administrator of the site:

"The name can only contain underscores and alphanumeric characters. It must begin with a letter and be unique, and must not include spaces, end with an underscore, or contain two consecutive underscores"

For a Visualforce driven site, if the URL provided is not mapped to anything it will try to map it to a Visualforce page.  The handled exception for unsupported characters is checked in a filter and thrown before the check to see if the page actually exists.  This may manifest as a 401 Unauthorized HTTP Status code in the case of Site Guest Users and Portal users and direct to the site's login page.

Resolution Either, add Site URL Redirects for any bookmarks at issue. 
Educate users to update their bookmarks.

promote demote