HTTP 403 Forbidden


The HTTP 403 Forbidden status code indicates that the server understands the request but refuses to authorize it. This response is typically sent when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.


The HTTP 403 response is used to indicate that the client’s request is understood but not authorized. Access to the resource is permanently forbidden and is not dependent on authentication status.


Client Behavior:

  1. Send Request: The client sends an HTTP request to access a protected or forbidden resource.
  2. Receive Response: The client receives the HTTP 403 status code, indicating that access to the resource is denied.

Server Behavior:

  1. Evaluate Access Rights: The server determines that the client does not have permission to access the requested resource.
  2. Send Response: The server sends a 403 Forbidden response, denying access to the resource.


  • Restricted Content: Accessing resources that the client does not have permission to access.
  • Sensitive Operations: Trying to perform operations that are forbidden, such as deleting critical data.

Sequence Diagram

Illustrating the process for an HTTP 403 response:

    participant Client
    participant Server as Web Server

    Note over Client: Client requests access to a resource
    Client->>Server: GET /restricted-resource HTTP/1.1
    Note over Server: Server denies access
    Server->>Client: HTTP/1.1 403 Forbidden

Curl Request and Response Example

Sending a request using Curl to a resource that is forbidden:

curl -i
# Expected response: HTTP/1.1 403 Forbidden

PHP cURL Request and Response Example

PHP script using cURL to handle a 403 Forbidden response:

$ch = curl_init('');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == 403) {
    echo "Access to the resource is forbidden.";

Python Request and Response Example

Python script to send a GET request and handle a 403 Forbidden response:

import requests
response = requests.get('')
if response.status_code == 403:
    print("Access to the resource is forbidden")

Apache Configuration for HTTP 403 Forbidden

Configuring Apache to restrict access to certain resources:

<VirtualHost *:80>
    <Location "/restricted-resource">
        Require all denied

NGINX Configuration for HTTP 403 Forbidden

Setting up NGINX to deny access to specific resources:

server {
    listen 80;
    location /restricted-resource {
        deny all;

HTTP 402 Payment Required HTTP 404 Not Found


Free Weekly


Join my weekly newsletter for the latest in tech! You'll get neat coding tricks, trend updates, career advice, SaaS reviews, crypto, bitcoin, and financial tips. All straight to your inbox, designed to keep you ahead.