Community Tip - Fixing Error 403 Forbidden

Try the suggestions in this Community Tip to help you fix Error 403 Forbidden.

A 403 Forbidden Error is a client side error that means that the client sent something the origin was unable to process. With the exception of requests that violate WAF rules or subdomains that are not covered by a certificate, Cloudflare does not generate any 4xx errors, so this would indicate something is not configured correctly with your hosting provider or your client is sending something incorrect. When this happens, in your browser you’ll see the message “Error 403: Forbidden”. If the Quick Fix Ideas here don’t help, the best next step would be to generate a HAR file and send this to your hosting provider to identify what potential misconfiguration could be in place.

Quick Fix Ideas

  1. You recently upgraded from a Free account to a Pro subscription; the 403 error is a temporary error related to an issue while replacing the certificate from the Free account with a certificate for the Pro account.

  2. Try using a different browser, or use a private/incognito window. Your DNS cache may be pointing to the origin server.

  3. You’re only seeing the error from certain countries. Check the origin server configuration for a country block.

  4. Pause Cloudflare until the issue is resolved, see How do I temporarily pause Cloudflare?.

  5. Disable the Browser Integrity Check.

  6. If you’re seeing a black & white 403 Forbidden error page without Cloudflare branding, this is always returned directly from the origin web server, not Cloudflare, and is generally related to permission rules on your server, either a permission rule you have set or an error in the .htaccess rules, Mod_security rules, or IP Deny rules. Make sure that Cloudflare’s IPs aren’t blocked.

  7. Cloudflare will serve 403 responses if the request violated either a default WAF rule enabled for all orange-clouded Cloudflare domains or a WAF rule enabled for that particular zone.

  8. Cloudflare will also serve a 403 Forbidden response for SSL connections to subdomains that aren’t covered by any Cloudflare or uploaded SSL certificate.

Research The Issue

If You Need More Help
This community of other Cloudflare users may be able to assist you, login to Cloudflare and post your question to the Community. When you post on the Community make sure to include as much of this information as possible: the specific error message you are seeing, the URLs this is happening on, screen shot of the error, and the steps to reproduce the error. Please indicate what troubleshooting steps you’ve tried in order to help us help you.

Expert Comments Appreciated
This Community Tip will remain open for input from Community experts and those familiar with this issue. We really appreciate comments like: “What are the three things to always try”, or “Do this first” or “In my experience”.

This is a Cloudflare Community Tip, to review other tips, click here.

Çevirme…traduzir…翻译…traducir…Traduire…Übersetzen…:greyg: Translate this Tip