403 Forbidden
The server refuses to fulfill the request (authenticated but unauthorized).
Status Code: 403
Name: Forbidden
Category: 4xx
Detailed Explanation
HTTP 403 Forbidden indicates that the server understood the request but refuses to authorize it. Unlike 401, re-authenticating will not change the outcome. The server knows the client's identity but the client lacks permission to access the resource. Causes can include IP blocking, role-based access control, and file system permission issues.
Common Causes
- The user lacks the required role/permission for the resource
- The IP address is on a blocklist
- Incorrect file/directory permissions on the server (chmod)
- The request was blocked by a CORS policy
- The request was blocked by a WAF (Web Application Firewall)
How to Fix
1. Check the user's roles and permissions (RBAC settings)
2. Verify server file permissions (chmod 644 for files, 755 for directories)
3. Review firewall and IP allowlist settings
4. Ensure the request origin is allowed in the CORS configuration
5. Check server access logs to identify the blocking rule
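For step 5, an added example (not part of the original page) that clusters 403 responses from an access log so the likely blocking layer stands out. The combined log layout, the sample lines and the two heuristics (one client refused on many paths, many clients refused on one path) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Common/combined access-log layout (assumed; adjust the pattern to your server's format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jan/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 403 153
198.51.100.7 - - [10/Jan/2025:10:00:02 +0000] "GET /about.html HTTP/1.1" 403 153
198.51.100.7 - - [10/Jan/2025:10:00:03 +0000] "GET /contact.html HTTP/1.1" 403 153
203.0.113.5 - alice [10/Jan/2025:10:01:00 +0000] "GET /admin/users HTTP/1.1" 403 83
203.0.113.9 - bob [10/Jan/2025:10:01:05 +0000] "GET /admin/users HTTP/1.1" 403 83
203.0.113.5 - alice [10/Jan/2025:10:01:09 +0000] "GET /dashboard HTTP/1.1" 200 5120
192.0.2.44 - - [10/Jan/2025:10:02:00 +0000] "GET /admin/users HTTP/1.1" 401 0
"""

def triage_403(log_text, min_hits=2):
    """Group 403 responses by client IP and by path and attach a hint to each cluster."""
    paths_by_ip = defaultdict(set)
    clients_by_path = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["status"] != "403":
            continue  # 401s and successes are a different problem
        paths_by_ip[m["ip"]].add(m["path"])
        clients_by_path[m["path"]].add((m["ip"], m["user"]))
    findings = []
    for ip, paths in sorted(paths_by_ip.items()):
        if len(paths) >= min_hits:  # heuristic (assumption): client-level block
            findings.append((ip, "one client refused on many paths: review IP blocklist/WAF rules"))
    for path, clients in sorted(clients_by_path.items()):
        if len(clients) >= min_hits:  # heuristic (assumption): resource-level block
            authed = any(user != "-" for _, user in clients)
            hint = "RBAC role mapping" if authed else "file permissions or path rule"
            findings.append((path, f"many clients refused on one path: review {hint}"))
    return findings

if __name__ == "__main__":
    for subject, hint in triage_403(SAMPLE_LOG):
        print(f"{subject}: {hint}")
```
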
Related HTTP Headers
- Allow
- Access-Control-Allow-Origin
Response Example
HTTP/1.1 403 Forbidden
Content-Type: application/json

{"error":"forbidden","message":"You don't have permission to access this resource"}
Related Status Codes
- 400 Bad Request: The server could not understand the request due to invalid syntax.
- 401 Unauthorized: Authentication is required and has failed or not been provided.
- 402 Payment Required: Reserved for future use; some services use it for payment walls.
- 404 Not Found: The requested resource could not be found.
- 405 Method Not Allowed: The HTTP method is not supported for this resource.