Jump to content
 







Main menu
    


Navigation  


Main page
 Contents
 Current events
 Random article
 About Wikipedia
 Contact us
 Donate
  



Contribute  


Help
 Learn to edit
 Community portal
 Recent changes
 Upload file
  







Search  

































Create account

Log in
 









Create account
  Log in
  



Pages for logged out editors learn more  


Contributions
 Talk
  


















Contents

   



(Top)
  


1 Specifications  




2 Causes  




3 Examples  




4 Substatus error codes for IIS  




5 See also  




6 Notes  




7 References  




8 External links  













HTTP 403






العربية
 Deutsch
 Ελληνικά
 Español
 فارسی
 Français
Bahasa Indonesia
 עברית
 Magyar
 Bahasa Melayu
Português
 Русский
 Shqip
Српски / srpski
 Türkçe
 Українська
 Tiếng Vit
 
Edit links
  








Article
 Talk
  
















Read
 Edit
 View history
  







Tools
    


Actions  


Read
 Edit
 View history
  



General  


What links here
 Related changes
 Upload file
 Special pages
 Permanent link
 Page information
 Cite this page
 Get shortened URL
 Download QR code
 Wikidata item
  



Print/export  


Download as PDF
 Printable version
  















Appearance
    

 





From Wikipedia, the free encyclopedia
  

"403 Forbidden" redirects here. For the Mr. Robot episode, see 403 Forbidden (Mr. Robot).
HTTP
Request methods
Header fields
Response status codes
Security access control methods
Security vulnerabilities
  • t
  • e

    • HTTP 403 is an HTTP status code meaning access to the requested resource is forbidden. The server understood the request, but will not fulfill it, if it was correct.

    Specifications[edit]

    HTTP 403 provides a distinct error case from HTTP 401; while HTTP 401 is returned when the client has not authenticated, and implies that a successful response may be returned following valid authentication, HTTP 403 is returned when the client is not permitted access to the resource despite providing authentication such as insufficient permissions of the authenticated account.[a]

    Error 403: "The server understood the request, but is refusing to authorize it." (RFC 7231)[1]

    Error 401: "The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials." (RFC 2616)[2]

    The Apache web server returns 403 Forbidden in response to requests for URL[3] paths that corresponded to file system directories when directory listings have been disabled in the server and there is no Directory Index directive to specify an existing file to be returned to the browser. Some administrators configure the Mod proxy extension to Apache to block such requests and this will also return 403 Forbidden. Microsoft IIS responds in the same way when directory listings are denied in that server. In WebDAV, the 403 Forbidden response will be returned by the server if the client issued a PROPFIND request but did not also issue the required Depth header or issued a Depth header of infinity.[3]

    Causes[edit]

    A 403 status code can occur for the following reasons:[4]

    Examples[edit]

    Client request:[5] 

    GET /securedpage.php HTTP/1.1
Host: www.example.org

    Server response:[5] 

    HTTP/1.1 403 Forbidden
Content-Type: text/html

<html>
   <head><title>403 Forbidden</title></head>
   <body>
      <h1>Forbidden</h1>
      <p>You don't have permission to access /securedpage.php on this server.</p>
   </body>
</html>

    Substatus error codes for IIS[edit]

    en.Wikipedia error message

    The following nonstandard codes are returned by Microsoft's Internet Information Services, and are not officially recognized by IANA.[6]

    See also[edit]

    Notes[edit]

    1. ^ See #Substatus error codes for IIS for possible reasons of why a webserver may refuse to fulfill a request.

    References[edit]

    1. ^ Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content. IETF. sec. 6.5.3. doi:10.17487/RFC7231. RFC 7231.
  • ^ Nielsen, Henrik; Mogul, Jeffrey; Masinter, Larry M.; Fielding, Roy T.; Gettys, Jim; Leach, Paul J.; Berners-Lee, Tim (June 1999). "RFC 2616 - Hypertext Transfer Protocol - HTTP/1.1". Tools.ietf.org. doi:10.17487/RFC2616. Retrieved 2018-04-09.
  • ^ a b "HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)". IETF. June 2007. Archived from the original on March 3, 2016. Retrieved January 12, 2016.
  • ^ HTTP status code 402 How do I solve the problem with the 403 status code?
  • ^ a b Example of "Client request" and "Server response" for HTTP status code 403
  • ^ HaiyingYu (2023-02-23). "HTTP status code overview - Internet Information Services". learn.microsoft.com. Retrieved 2024-05-19.

    • External links[edit]


    Retrieved from "https://en.wikipedia.org/w/index.php?title=HTTP_403&oldid=1231160876"
    Categories: 
    Computer errors
     Hypertext Transfer Protocol status codes
     Hidden categories: 
    Articles with short description
     Short description is different from Wikidata
      


    This page was last edited on 26 June 2024, at 20:36 (UTC).
    Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization.


    Privacy policy
    About Wikipedia
    Disclaimers
    Contact Wikipedia
    Code of Conduct
    Developers
    Statistics
    Cookie statement
    Mobile view


    Wikimedia Foundation
    Powered by MediaWiki