HTTP 403

HTTP
Persistence Compression HTTPS
Request methods
OPTIONS GET HEAD POST PUT DELETE TRACE CONNECT PATCH
Header fields
Cookie ETag Location HTTP referer DNT X-Forwarded-For
Status codes
301 Moved Permanently 302 Found 303 See Other 403 Forbidden 404 Not Found

A web server may return a 403 Forbidden HTTP status code in response to a request from a client for a web page or resource to indicate that the server can be reached and understood the request, but refuses to take any further action. Status code 403 responses are the result of the web server being configured to deny access, for some reason, to the requested resource by the client.

A typical request that may receive a 403 Forbidden response is a GET for a web page, performed by a web browser to retrieve the page for display to a user in a browser window. The web server may return a 403 Forbidden status for other types of requests as well.

The Apache web server returns 403 Forbidden in response to requests for url paths that correspond to filesystem directories, when directory listings have been disabled in the server. Some administrators configure the Mod proxy extension to Apache to block such requests, and this will also return 403 Forbidden. Microsoft IIS responds in the same way when directory listings are denied in that server. In WebDAV, the 403 Forbidden response will be returned by the server if the client issued a PROPFIND request but did not also issue the required Depth header, or issued a Depth header of infinity.^[1]

Difference from status "401 Unauthorized"

Status codes 401 (Unauthorized) and 403 (Forbidden) have distinct meanings.

A 401 response indicates that access to the resource is restricted, and the request did not provide any authentication. It is possible that a new request for the same resource will succeed if authentication is provided. That might be accomplished via an Authorization header, a login cookie, or in some other way.

A 403 response generally indicates one of two conditions:

Authentication was provided, but the authenticated user is not permitted to perform the requested operation.
The operation is forbidden to all users. Repeating the request with authentication would serve no purpose.

403 substatus error codes for IIS

en.Wikipedia error message

The following nonstandard code are returned by Microsoft's Internet Information Services and are not officially recognized by IANA.

403.11 - Password change.
403.12 - Mapper denied access.
403.13 - Client certificate revoked.
403.14 - Directory listing denied.
403.15 - Client Access Licenses exceeded.
403.16 - Client certificate is untrusted or invalid.
403.17 - Client certificate has expired or is not yet valid.
403.18 - Cannot execute request from that application pool.

References

↑ "HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)". IETF. June 2007. Retrieved November 10, 2009.

Apache Module mod_proxy - Forward and Reverse Proxies

External links

Error messages

Common	ABEND Fatal exception error Fatal system error Out of memory Segmentation fault

Infamous	Abort, Retry, Fail? Bad command or file name Can't extend Guru Meditation HTTP 404 Kernel panic Linux kernel oops lp0 on fire Not a typewriter PC LOAD LETTER Sad Mac Red Ring of Death Yellow Light of Death Screen of death Blue Black

Humorous	Halt and Catch Fire HTTP 418

Lists	List of HTTP status codes List of FTP server return codes

Related	Bomb Kill screen Spinning pinwheel

HTTP 403

Difference from status "401 Unauthorized"

403 substatus error codes for IIS

See also

References

External links