HTTP 403

HTTP 403 is an HTTP status code that indicates that the server that the client is attempting to communicate with understood the request, but will not fulfill it for a reason other than authorization. There are a number of substatus codes to provide greater granularity for describing the reason for responding with the status code.

Error 403: "The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated."

Error 401: "The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials." RFC2616

See "403 substatus error codes for IIS" for possible reasons of why the webserver is refusing to fulfill the request.

The Apache web server returns 403 Forbidden in response to requests for URL paths that correspond to file system directories when directory listings have been disabled in the server and there is no Directory Index directive to specify an existing file to be returned to the browser. Some administrators configure the Mod proxy extension to Apache to block such requests and this will also return 403 Forbidden. Microsoft IIS responds in the same way when directory listings are denied in that server. In WebDAV, the 403 Forbidden response will be returned by the server if the client issued a PROPFIND request but did not also issue the required Depth header or issued a Depth header of infinity

The following nonstandard codes are returned by Microsoft's Internet Information Services and are not officially recognized by IANA.

This page was last edited on 22 May 2018, at 20:56.
Reference: under CC BY-SA license.

Related Topics

Recently Viewed