{"id":669,"date":"2025-05-18T23:25:04","date_gmt":"2025-05-18T20:25:04","guid":{"rendered":"https:\/\/hostvera.com.tr\/blog\/?p=669"},"modified":"2025-05-26T22:44:18","modified_gmt":"2025-05-26T19:44:18","slug":"http-401-ve-403-hatalari-sebepleri-ve-cozum-adimlari","status":"publish","type":"post","link":"https:\/\/hostvera.com.tr\/blog\/http-401-ve-403-hatalari-sebepleri-ve-cozum-adimlari\/","title":{"rendered":"HTTP 401 ve 403 Hatalar\u0131: Sebepleri ve \u00c7\u00f6z\u00fcm Ad\u0131mlar\u0131"},"content":{"rendered":"\n

HTTP 401 ve 403 Hatalar\u0131: Sebepleri ve \u00c7\u00f6z\u00fcm Ad\u0131mlar\u0131<\/strong><\/p>\n\n\n\n

Giri\u015f<\/strong><\/p>\n\n\n\n

Web uygulamalar\u0131nda HTTP 4xx hata kodlar\u0131, istemcinin yapt\u0131\u011f\u0131 istekte bir sorun oldu\u011funu g\u00f6sterir. \u0130stemci taraf\u0131ndaki kimlik do\u011frulama, yetkilendirme veya ba\u015fl\u0131k yap\u0131land\u0131rmas\u0131 hatalar\u0131 s\u0131kl\u0131kla 401 (Unauthorized) ve 403 (Forbidden) kodlar\u0131yla d\u00f6ner. Bu hatalar\u0131n ayr\u0131nt\u0131lar\u0131n\u0131, hangi durumlarda ortaya \u00e7\u0131kt\u0131klar\u0131n\u0131, taray\u0131c\u0131 ve sunucu taraf\u0131nda nas\u0131l tespit edilece\u011fini, ad\u0131m ad\u0131m \u00e7\u00f6z\u00fcm y\u00f6ntemlerini ve en iyi uygulamalar\u0131 bu rehberde detayl\u0131 \u015fekilde ele alaca\u011f\u0131z.<\/p>\n\n\n\n

HTTP 401 Unauthorized Hatas\u0131<\/strong><\/p>\n\n\n\n

401 Nedir?<\/strong><\/p>\n\n\n\n

401 kodu, istemcinin kimli\u011fini do\u011frulamas\u0131 gerekti\u011fini, ge\u00e7ersiz veya eksik kimlik bilgisi g\u00f6nderdi\u011fini belirtir. Bu durumda sunucu, WWW-Authenticate ba\u015fl\u0131\u011f\u0131yla hangi kimlik do\u011frulama y\u00f6ntemini (Basic, Bearer, Digest) y\u00fcklemesini bekledi\u011fini belirtir.<\/p>\n\n\n\n

401 Hatas\u0131n\u0131n Sebepleri<\/strong><\/p>\n\n\n\n

1. Eksik veya Yanl\u0131\u015f Kimlik Bilgisi<\/strong><\/p>\n\n\n\n

Kullan\u0131c\u0131 ad\u0131\/parola veya token eksik, hatal\u0131 veya s\u00fcresi dolmu\u015f olabilir.<\/p>\n\n\n\n

2. Yetkilendirme Ba\u015fl\u0131\u011f\u0131 Hatal\u0131<\/strong><\/p>\n\n\n\n

HTTP iste\u011finde Authorization: Bearer <token> veya Basic <base64> ba\u015fl\u0131\u011f\u0131 do\u011fru formatta olmayabilir.<\/p>\n\n\n\n

3. \u00c7erez Tabanl\u0131 Oturum Y\u00f6netimi Sorunlar\u0131<\/strong><\/p>\n\n\n\n

Oturum \u00e7erezi (session cookie) g\u00f6nderilmiyor, s\u00fcresi dolmu\u015f veya HttpOnly\/Secure k\u0131s\u0131tlar\u0131 nedeniyle taray\u0131c\u0131 geri g\u00f6ndermiyor.<\/p>\n\n\n\n

4. CORS ve \u00d6n U\u00e7 K\u0131s\u0131tlamalar\u0131<\/strong><\/p>\n\n\n\n

Cross-Origin Resource Sharing (CORS) yap\u0131land\u0131rmas\u0131, kimlik do\u011frulama ba\u015fl\u0131klar\u0131n\u0131 veya \u00e7erezleri engelliyor olabilir.<\/p>\n\n\n\n

5. Sunucu Konfig\u00fcrasyonu<\/strong><\/p>\n\n\n\n

API u\u00e7 noktas\u0131na eri\u015fim sadece HTTPS veya belirli kaynaklardan kabul ediliyorsa, HTTP iste\u011fi veya referer\u2019s\u0131z iste\u011fe 401 d\u00f6ner.<\/p>\n\n\n\n

401 Hatas\u0131n\u0131 Tespit Etme<\/strong><\/p>\n\n\n\n

A. Taray\u0131c\u0131 Geli\u015ftirici Konsolu<\/strong><\/p>\n\n\n\n

Network panelinde ilgili iste\u011fi se\u00e7ip Response Headers ve Request Headers\u2019\u0131 inceleyin. WWW-Authenticate ba\u015fl\u0131\u011f\u0131n\u0131 kontrol edin.<\/p>\n\n\n\n

B. Sunucu Loglar\u0131<\/strong><\/p>\n\n\n\n

Web sunucusu (Nginx\/Apache) veya uygulama loglar\u0131nda 401 hatas\u0131 kayd\u0131na bak\u0131n. API sunucular\u0131nda auth mod\u00fcllerinin log seviyesini art\u0131rarak detay al\u0131n.<\/p>\n\n\n\n

C. Oturum ve \u00c7erez \u0130nceleme<\/strong><\/p>\n\n\n\n

\u00c7erezlerin g\u00f6nderilip g\u00f6nderilmedi\u011fini, Set-Cookie ba\u015fl\u0131\u011f\u0131n\u0131 kontrol edin.<\/p>\n\n\n\n

401 Hatas\u0131 \u0130\u00e7in \u00c7\u00f6z\u00fcm Ad\u0131mlar\u0131<\/strong><\/p>\n\n\n\n

1. Do\u011fru Kimlik Bilgisi G\u00f6nderme<\/strong><\/p>\n\n\n\n