HTTP 423 Locked

HTTP 423 Locked is a WebDAV extension status code meaning the resource the client tried to modify is currently locked by another client or process. Standard HTTP does not use 423 — it appears exclusively in WebDAV and WebDAV-based systems like SharePoint, Exchange, and collaborative document servers.

Quick reference

Code	423
Name	Locked
Category	4xx Client Errors
Specification	RFC 4918 §11.3 (WebDAV)
IANA status	Assigned
Used in	WebDAV only. Not used in standard HTTP APIs or web applications.
Client behavior	Check if the lock can be released, wait for the lock to expire, or request the lock token from the current lock holder before retrying.
In-depth guide	HTTP 423 WebDAV locking guide →

What it means

WebDAV (Web Distributed Authoring and Versioning) extends HTTP with collaborative editing capabilities, including a locking mechanism that prevents conflicting modifications. When a client locks a resource with a LOCK request, it receives a lock token. Any subsequent modification requests from a different client — or from the same client without the token — return 423 until the lock is released or expires.

There are two lock scopes defined by WebDAV: exclusive locks, where only the lock holder can modify the resource, and shared locks, where multiple clients hold shared locks but no exclusive lock can coexist with them. 423 can be triggered by either scope depending on the conflict.

In practice, 423 most often appears in enterprise environments using SharePoint, Microsoft Office 365 co-authoring, Exchange, or custom WebDAV-enabled content management systems. A developer encountering 423 outside of these contexts should verify the server is actually implementing WebDAV — a non-WebDAV server returning 423 is likely misconfigured.

Lock tokens and the If header

To modify a locked resource, a client must include the lock token in the If header of the request. The token is a URI string returned in the Lock-Token response header when the LOCK request was made. Without the correct token, the server returns 423. If the token expires before the operation completes, the server may return 423 or a more specific error depending on the implementation.

Common causes

Another client holds an exclusive lock

The most common cause: a different WebDAV client opened and locked the resource for editing. Office applications lock files on WebDAV shares when opened — if a user opens a Word document from a SharePoint library, the file is locked until they close it. Other users editing the same file get 423.

Abandoned lock from a crashed client

If the locking client crashes or loses its connection without issuing an UNLOCK request, the lock persists until its timeout expires. Locks have a configurable timeout; a long-lived lock from an abandoned session can block other clients for extended periods. Administrators can force-unlock resources via server management tools or by waiting for the timeout.

Lock held by a server process or backup job

Automated jobs — backup scripts, indexing services, content migration tools — may lock resources during their operations. If a modification request arrives while the job holds the lock, 423 results. Scheduling jobs during low-traffic windows reduces conflict likelihood.

Infinite-depth locks on collections

WebDAV supports locking an entire collection (directory) with depth infinity, locking all resources within it. A lock on a parent collection causes 423 for any write operation on any child resource, even if the child itself is not directly locked. The lock scope must be understood before attempting to unlock the correct resource.

How to resolve a 423 error

Identify the lock holder. Use a PROPFIND request with Depth: 0 to query the DAV:lockdiscovery property on the resource. This returns lock owner information and expiry time without requiring the lock token.
Wait for the lock to expire. If the lock holder is a timed-out session, wait for the lock's timeout to pass. WebDAV servers typically have configurable default lock timeouts; check server settings.
Request an UNLOCK from the lock holder. If the lock holder is another user or service, contact them to close the file or explicitly unlock the resource with an UNLOCK request including their lock token.
Force-unlock via server administration. Most WebDAV server implementations (SharePoint, Apache mod_dav, etc.) have administrative interfaces or commands to forcibly release locks. This should be a last resort as it may cause data loss for the lock holder.
Use the lock token if you are the lock holder. If you originally locked the resource, include the lock token in the If request header and the operation will succeed.

423 vs 409 vs 412

Code	Condition	Context
423	Resource is locked by a WebDAV lock	WebDAV environments only
409	Request conflicts with current resource state	General HTTP; version conflicts, state machines
412	Precondition in If or ETag header not met	General HTTP; conditional request failed

Related resources

On this site: HTTP 423 WebDAV locking guide · HTTP 424 Failed Dependency · HTTP 409 Conflict · HTTP 412 Precondition Failed · All 4xx client errors

Standards: RFC 4918 §11.3 · IANA Registry · MDN Web Docs: 423