HTTP 403 Forbidden
Plain-English meaning
The server understood the request but refuses to authorize it.
Why it happens
Identity is known (or optional), but policy denies access to the resource.
Common causes
- Role lacks required permission
- WAF/security rule blocks source IP
- CSRF protection blocks request
- Filesystem ACL denies web process
What to check first
Check authorization policy logs, RBAC mapping, and edge firewall events for the request ID.
How to fix it
Grant required permission, tune deny rules, and keep 401/403 handling distinct for easier triage.
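One way to keep 401 and 403 distinct and make each denial traceable by request ID, as an added example rather than code from this page or any particular framework. The role map, route policy, request fields and reason strings are all hypothetical.

```python
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

# Hypothetical RBAC mapping (role -> granted permissions), constructed for this example.
ROLE_PERMISSIONS = {
    "admin": {"settings:read", "settings:write"},
    "viewer": {"settings:read"},
}
# Hypothetical route policy: (method, path) -> permission required.
ROUTE_POLICY = {
    ("GET", "/admin/settings"): "settings:read",
    ("POST", "/admin/settings"): "settings:write",
}
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

@dataclass
class Request:
    request_id: str
    method: str
    path: str
    role: Optional[str] = None          # None: no valid credentials presented
    csrf_token: Optional[str] = None    # token sent with the request
    session_csrf: Optional[str] = None  # token bound to the session

def authorize(req: Request) -> Tuple[int, str]:
    """Return (status, reason) so the log shows which control denied the request."""
    if req.role is None:
        # Identity unknown: authenticating may resolve this, so answer 401.
        return 401, "unauthenticated"
    required = ROUTE_POLICY.get((req.method, req.path))
    if required is None:
        # No policy entry: deny by default rather than allow.
        return 403, "no_policy_default_deny"
    if req.method in UNSAFE_METHODS:
        sent = (req.csrf_token or "").encode()
        expected = (req.session_csrf or "").encode()
        if not expected or not hmac.compare_digest(sent, expected):
            return 403, "csrf_rejected"
    if required not in ROLE_PERMISSIONS.get(req.role, set()):
        # Identity known, policy denies: re-authenticating will not help.
        return 403, "role_lacks_permission"
    return 200, "allowed"

def log_line(req: Request) -> str:
    """One structured line per decision, keyed by request ID for triage."""
    status, reason = authorize(req)
    return (f"request_id={req.request_id} {req.method} {req.path} "
            f"status={status} reason={reason}")
```

Searching the application log for a request ID then shows whether the 403 came from RBAC or CSRF; a 403 with no matching application line points to the edge (WAF) or the filesystem instead.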
Example signal
GET /admin/settings HTTP/1.1 403 Forbidden