403

Forbidden

Official Substatus codes
This request is not allowed

General explanation of the 403 status code

The HTTP status code 403 Forbidden is returned when a client sends a request to a server, but the server rejects the request due to permission issues. For example, if a username and password are stored in the .htpasswd and .htaccess, and this data is entered incorrectly, the HTTP status code 403 Forbidden is returned. This means that the client does not have the necessary permissions to access the requested resource. A common example is when a user tries to access a protected page for which they do not have access permission, or when a server denies access to a particular resource due to IP-based restrictions or authentication issues.

Specification of the HTTP status code 403

The 403 Forbidden status code indicates that the server understood the request but refuses to authorize it. A server that wishes to make public why the request has been forbidden can describe that reason in the response payload (if any). If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, a request might be forbidden for reasons unrelated to the credentials. An origin server that wishes to "hide" the current existence of a forbidden target resource MAY instead respond with a status code of 404 (Not Found).

Source / Quote by: The 403 Forbidden HTTP Status Code is specified by section 6.5.3 of RFC7231.

How to throw a 403 statuscode with PHP?

To throw the HTTP status code 403 on a web page, the PHP function http_response_code can be used. The syntax is as follows: http_response_code(403) (PHP 5 >= 5.4.0, PHP 7, PHP 8)

Test the 403 HTTP status code

In order to be able to display the HTTP status code (in this case 403 Forbidden) and other information on the client side, the development console must be opened with F12. Afterwards you have to navigate to the tab "Network". Now you can open the page, in the network tab you should see the web page (example index.php). This must be selected and then the Herder section must be selected. Here the user will see the following result:

Status code 403 Forbidden
Overview
URL: https://http-statuscode.com/errorCodeExample.php?code=403
Status: 403 Forbidden
Those: Network
IP address: XX.XX.XX.XX
Status code 403 Forbidden

How do I solve the problem with the 403 status code?

The HTTP status code 403 Forbidden indicates that the server has understood the request but denies it for some reason. It means that you don't have the necessary permissions to access the requested resource.

To solve the problem with HTTP status code 403 Forbidden, you can follow the steps below:

  • Check the URL: Make sure that the URL you entered is correct and points to the right resource or file. Also check for typos or extra characters in the URL.
  • Clear the cache and cookies:
  • Sometimes a bad cache or a conflict with cookies can lead to a 403 Forbidden error. Clear your browser's cache and cookies to make sure you're getting the latest version of the website.
  • Check permissions: Make sure you have the necessary permissions to access the requested resource. This is especially important if it is a protected resource that is only accessible to certain users or user groups. Check your credentials and contact the administrator if necessary.
  • Check the server configuration: the 403 Forbidden status code may also occur if the server is configured to deny access to certain files or directories. Check the server configuration to ensure that the required files and directories are accessible.
  • Check the firewall and security software: Sometimes a firewall or security software blocks access to certain websites or resources. Make sure your firewall or security software is configured to allow access to the corresponding website.
  • Contact the website owner or administrator: If the above steps do not work or you do not have access to the necessary permissions to fix the problem, it is best to contact the website owner or administrator. Explain the problem and provide as much information as possible to help troubleshoot.

It is important to note that the solution to the 403 Forbidden status code depends on the specific situation and some of the steps mentioned may not apply to your particular scenario. It may also be that the problem is on the server side and you, as an end user, have limited options to fix it. In such cases, it is best to contact the website owner or administrator for further assistance.

.

How to create a custom error page for the 403 status code

Creating your own 403 Forbidden error page is relatively easy with the web server "Apache" as well as with the web server "NGINX".

Apache Webserver

The web server "Apache" is one of the most popular web servers on the Internet. To create an own 403 Forbidden error page in "Apache", the following change must be made in the following file.

File: .htaccess
ErrorDocument 403 /errors/403.html

NGINX Webserver

Similar to the web server "Apache", "NGINX" is also widely used on the Internet. To create your own 403 Forbidden error page in "NGINX", the following change must be made in the following file.

File: sites-enabled/default
error_page 403 /403.html;
location = /403.html {
    root /usr/share/nginx/html;
    internal;
}

Browser compatibility of the 403 status code

Chrome Yes
Edge Yes
Firefox Yes
Opera Yes
Safari Yes
Chrome Android Yes
Firefox for Android Yes
Opera Android Yes
Safari on iOS Yes
Internet Yes
WebView Android Yes

What SEO impact does the 403 status code have?

The HTTP status code 403 Forbidden indicates that access to a particular resource on a web server has been denied. This can happen for various reasons, e.g. due to missing permissions. The status code not only has a direct impact on the user experience, but also has relevant consequences in terms of search engine optimization (SEO).

Accessibility and crawling when HTTP status code 403 Forbidden

A fundamental goal of SEO is to ensure that website content can be crawled and indexed easily by search engine bots. If a bot is denied access to a resource by a 403 Forbidden status code, that page will not be included in the search index. In the long run, this can result in content that may be relevant to search queries not appearing in search results, which has a direct impact on the site's organic traffic.

User Experience and Trust

Aside from the technical aspect of accessibility, user experience plays a crucial role in SEO. A page that frequently issues the 403 Forbidden status code can lead to user frustration. If pages that appear in search results are inaccessible, users may lose trust in the site and possibly move to a competitor's site. Search engines may also see this and lower the credibility of the site in their rankings.

Potential for Duplicate Content with the 403 Forbidden Status Code

In some cases, a 403 Forbidden status code can lead to content being duplicated on different URLs, especially if webmasters try to make the prohibited content accessible by redirecting or copying it elsewhere. Duplicate content can be problematic because search engines may have difficulty determining which version of the page is relevant. This can result in the wrong version of the page being displayed in search results or an overall decrease in ranking.

Conclusion on the SEO impact of status code 403 Forbidden

An HTTP status code 403 Forbidden Forbidden is critical from an SEO perspective. Not only does it hinder crawling and indexing by search engine bots, but it can also affect the user experience and increase the risk of duplicate content. It is therefore important to perform regular checks to identify and fix such problems in order to optimize a website's SEO performance.

Constants in programming languages

HttpStatusCode.Forbidden
http.StatusForbidden
Response::HTTP_FORBIDDEN
httplib.FORBIDDEN
http.client.FORBIDDEN
http.HTTPStatus.FORBIDDEN
:forbidden

Example of "Client request" and "Server response" for HTTP status code 403

Client request:

GET /securedpage.php HTTP/1.1
Host: www.example.org

Server response:

HTTP/1.1 403 Forbidden
Content-Type: text/html

<html>
<head><title>403 Forbidden</title></head>
<body>
<h1>Forbidden</h1>
<p>You don't have permission to access /securedpage.php on this server.</p>
</body>
</html>

Sub status codes of the 403 status code

Sub status codes are purely technical, and should never be sent to the user. For example, if status code 403.1 is thrown, it may be logged, but status code 403 will be sent to the user.:
403.1 Execute access forbidden
HTTP IIS, Unofficial
403.2 Read access forbidden
HTTP IIS, Unofficial
403.3 Write access forbidden
HTTP IIS, Unofficial
403.4 SSL required
HTTP IIS, Unofficial
403.5 SSL 128 required
HTTP IIS, Unofficial
403.6 IP address rejected
HTTP IIS, Unofficial
403.7 Client certificate required
HTTP IIS, Unofficial
403.8 Site access denied
HTTP IIS, Unofficial
403.9 too many clients are trying to connect to the web server
HTTP IIS, Unofficial
403.10 web server is configured to deny Execute access
HTTP IIS, Unofficial
403.11 Password has been changed
HTTP IIS, Unofficial
403.12 Mapper denied access
HTTP IIS, Unofficial
403.13 Client certificate revoked
HTTP IIS, Unofficial
403.14 Directory listing denied
HTTP IIS, Unofficial
403.15 Client access licenses have exceeded limits on the web server
HTTP IIS, Unofficial
403.16 Client certificate is untrusted or invalid
HTTP IIS, Unofficial
403.17 Client certificate has expired or is not yet valid.
HTTP IIS, Unofficial
403.18 Cannot execute requested URL in the current application pool
HTTP IIS, Unofficial
403.19 Cannot execute CGI applications for the client browser in this application pool
HTTP IIS, Unofficial
403.20 Passport logon failed
HTTP IIS, Unofficial
403.21 Source access denied
HTTP IIS, Unofficial
403.22 Infinite depth is denied
HTTP IIS, Unofficial
403.501 Too many requests from the same client IP; Dynamic IP Restriction Concurrent request rate limit reached
HTTP IIS, Unofficial
403.502 Too many requests from the same client IP; Dynamic IP Restriction Maximum request rate limit reached
HTTP IIS, Unofficial
403.503 the IP address is included in the Deny list of IP Restriction
HTTP IIS, Unofficial
403.504 the host name is included in the Deny list of IP Restriction
HTTP IIS, Unofficial

Blog Articles

The difference between HTTP status code 402 and 403

When we deal with the World Wide Web and the communication between servers and clients, we come across various status codes that describe the state of an HTTP request. Two of these status codes tha...

SEO and HTTP status codes: A comprehensive analysis

Optimizing a website for search engines (SEO) is a complex undertaking. One of the often overlooked but crucial aspects for a good ranking are HTTP status codes. These small, three-digit codes info...

Author: Tony Brüser
Author: Tony Brüser

AUTHOR_TONY

LinkedInGitHub