Security Features Home Extensions Ecosystem

These are ordered from first to last in accordance to the request’s pipeline.

Both HTTP errors and logged warnings/error are listed here.

1 Debugging
2 Overriding HTTP errors
3 IO errors
3.1 Connecting
3.2 Reverse proxy
4 Not acceptable
4.1 Byte range
5 Not Found
6 Illegal paths


The logged errors are useful. See the log crate for more info.

All HTTP errors originating from Kvarn contain a reason header which contains more info about the issue. If the error response isn’t overridden, it’s also contained in the body.

Overriding HTTP errors

Put the HTML file in errors/xxx.html to return that in case of an error. You can use Present extensions here, as with any other file.

The errors/ part of the path mentioned above is customizable using the host::Options.

In the future, you should be able to control this through other extensions (e.g. prepare extensions).

IO errors

Any errors writing to the stream will result in a log error and an aborted connection.

Errors in reading the body is however handled the user.


Errors on initial connection and reading errors will also abort the connection and log.

Reverse proxy

Erroneous responses and timeouts will result in 502 and 504 errors, respectively.

Not acceptable

If the request contains accept requirements which could not be fulfilled, a 406 is returned.

Byte range

The same goes for the built in byte ranges - if they’re out of bounds, a HTTP error is send back.

404 Not Found

If no file was found (or the FS option is disabled), and no prepare extension was found, a 404 is generated. This can in turn be modified by a package extension. That is however almost never the correct thing.

Illegal paths

Some paths are disallowed by Kvarn due to security reasons. These include (though are not exclusive) ./ and //. This will return a 400.