403
HTTP | ERROR | Notable | 4xx Client Error | HIGH confidence

Forbidden

Production Risk

Moderate. It is a normal part of access control. However, if it appears incorrectly, it can block legitimate users from performing their tasks.

What this means

The client does not have access rights to the content; that is, it is unauthorized, so the server refuses to return the requested resource. Unlike 401, the client's identity is known to the server, but the client is still not permitted access.

Why it happens

  1. A user is logged in but tries to access an administrator-only page.
  2. File permissions on the server prevent the web server process from reading a file.
  3. An IP address has been blacklisted due to suspicious activity.
  4. A user tries to perform an action they do not have the role for (e.g., a viewer trying to edit).

How to reproduce

A logged-in user with 'viewer' permissions attempts to access an API endpoint reserved for 'editor' roles.

trigger — this will error
GET /admin/settings HTTP/1.1
Host: example.com
Cookie: session=...

expected output

HTTP/1.1 403 Forbidden
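
The 401-versus-403 distinction and the viewer-on-a-restricted-endpoint case above, as an added example that is not part of the original page. The role ranking, route table and session values are constructed assumptions for illustration.

```python
from http import HTTPStatus

# Constructed data (assumptions for this example, not from a real application).
ROLE_RANK = {"viewer": 1, "editor": 2, "admin": 3}
ROUTES = {  # (method, path) -> minimum role required
    ("GET", "/articles"): "viewer",
    ("PUT", "/articles"): "editor",
    ("GET", "/admin/settings"): "admin",
}
SESSIONS = {  # session cookie value -> server-side session record
    "sess-viewer": {"user": "vera", "role": "viewer"},
    "sess-admin": {"user": "adam", "role": "admin"},
    "sess-odd": {"user": "olga", "role": "auditor"},  # role not in ROLE_RANK
}

def parse_session_cookie(cookie_header):
    """Return the value of the 'session' cookie, or None if absent/empty."""
    for part in (cookie_header or "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "session" and value:
            return value
    return None

def decide(method, path, cookie_header):
    """Return the HTTPStatus an access-control layer would answer with."""
    required = ROUTES.get((method, path))
    if required is None:
        return HTTPStatus.NOT_FOUND
    session = SESSIONS.get(parse_session_cookie(cookie_header))
    if session is None:
        # Identity unknown: the client must authenticate first.
        return HTTPStatus.UNAUTHORIZED
    # Deny by default: an unrecognised role ranks below every requirement.
    if ROLE_RANK.get(session["role"], 0) < ROLE_RANK[required]:
        # Identity known, but the role is insufficient for this route.
        return HTTPStatus.FORBIDDEN
    return HTTPStatus.OK

if __name__ == "__main__":
    for cookie in (None, "session=sess-viewer", "session=sess-admin"):
        status = decide("GET", "/admin/settings", cookie)
        print(f"Cookie: {cookie!r:24} -> {status.value} {status.phrase}")
```
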

Fix 1

Check User Permissions

WHEN: A logged-in user receives this error.

Verify the user's role and permissions. Request access from an administrator if needed.

Why this works

Access Control

Fix 2

Check Filesystem Permissions

WHEN: This error appears for a static file.

chmod 644 /path/to/your/file.html

Why this works

Server Administration

What not to do

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev
