# Can I configure which HTTP status codes count as "up"?

Yes. By default, Oh Dear treats any status code in the **200-399** range as "up", and anything else as a failure. You can override this per monitor if your endpoint intentionally returns different codes.

## Where to configure valid HTTP status codes

1. Open the monitor.
2. Go to **Settings** > **Uptime check**.
3. Find **Valid status codes**.
4. Enter the codes (or ranges) you consider "up".

## Valid HTTP status code entries

- **Exact codes**: `200`, `201`, `204`
- **Wildcard ranges**: `2*` (all 2xx), `3*` (all 3xx), `4*` (all 4xx)
- **Multiple values**: `200, 204, 302`

A common pattern for monitoring an authenticated endpoint you **expect** to return 401 is to list `401` as a valid code. That way Oh Dear treats the "authentication required" response as proof the endpoint is reachable, without needing to send credentials.

## HTTP status code configuration examples

- **Healthcheck endpoint**: `200` (and only 200)
- **Auth-required API**: `401, 403` (the API is up if it rejects unauthenticated requests)
- **Redirect endpoint**: `301, 302, 307, 308`
- **Relaxed monitoring**: `2*, 3*` (default, don't care what specifically it returns as long as it's success or redirect)

## Combine with look-for-string for stronger signal

HTTP status codes are easy to fake. A server can return 200 OK on a "we're on fire" error page. For endpoints where correctness matters, combine the status-code check with a [look-for-string assertion](/docs/features/uptime-and-performance-monitoring#uptime-check-options) on a specific snippet you expect in the body. That way the check fails if either the code or the content is wrong.

More background on what each status code means: [What are HTTP status codes?](/docs/faq/what-are-http-status-codes).
