root@hack3rs:/srv/www$ curl -i /403/
HTTP/1.1 403 Forbidden
Access denied — the server understood the request but will not fulfill it.
status-summary.log
HTTP 403 Forbidden
Authentication may be valid, but a policy, ACL, role assignment, or network control is blocking access to this resource.
This is an authorization decision, not an authentication failure. Check RBAC roles, resource ACLs, and WAF rules before looking at identity.
likely-causes.lst
- Role or group membership does not permit the requested action.
- WAF, IP allowlist, geo-restriction, or firewall rule blocked the request.
- Filesystem or object ACL denies read or write access.
- CSRF token missing or origin policy validation failed.
recovery-steps.md
- Review role assignments and resource-level ACLs for the requesting identity.
- Check WAF and firewall logs for an explicit deny event tied to this request.
- Verify the request origin, HTTP method, and CSRF token if applicable.
- Grant access using least-privilege changes and retest.
ops-note.txt
Use these pages for debugging and user guidance. In production, configure your host or reverse proxy to return the matching HTTP status code for the route (especially for 403 and 404/500 responses) rather than serving a 200 with error-themed content.
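One way to audit for the misconfiguration the ops note describes, as an added example that is not part of this site's own code: it parses raw `curl -i` captures and flags routes whose body advertises an error while the status line says otherwise. The function names, the phrase table, and the sample captures are assumptions constructed for illustration.

```python
import re

# Reason phrases for the statuses the ops note names (403, 404, 500).
ERROR_PHRASES = {403: "Forbidden", 404: "Not Found", 500: "Internal Server Error"}

def parse_response(raw):
    """Split a raw `curl -i` capture into (status code, body text)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    match = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", head)
    if not match:
        raise ValueError("no HTTP status line found")
    return int(match.group(1)), body

def claimed_status(body):
    """Return the error status the page body advertises, or None."""
    for code, phrase in ERROR_PHRASES.items():
        if re.search(rf"\b{code}\s+{re.escape(phrase)}\b", body, re.IGNORECASE):
            return code
    return None

def find_soft_errors(captures):
    """Return [(path, sent, claimed)] where the body claims an error the status line does not."""
    findings = []
    for path, raw in captures.items():
        sent, body = parse_response(raw)
        claimed = claimed_status(body)
        if claimed is not None and sent != claimed:
            findings.append((path, sent, claimed))
    return findings

# Constructed captures for illustration, not real traffic.
CAPTURES = {
    "/403/": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<h1>HTTP 403 Forbidden</h1>",
    "/admin/": "HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n<h1>HTTP 403 Forbidden</h1>",
    "/missing/": "HTTP/2 200\r\ncontent-type: text/html\r\n\r\n<p>404 Not Found</p>",
    "/": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<h1>Welcome</h1>",
}

if __name__ == "__main__":
    for path, sent, claimed in find_soft_errors(CAPTURES):
        print(f"{path}: body claims {claimed} but status line is {sent}")
```

A 200 on an access-denied page matters beyond tidiness: monitoring, scanners, and client retry logic key off the status line, so a denied request that returns 200 is recorded as a success.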