How to Fix 403 Forbidden Error (Step-by-Step)
This page prioritizes the fastest working fix, not exhaustive diagnosis.
403 Forbidden means your request reached the server, but access was denied.
This page shows the exact repair order that fixes most 403 errors first —
no guessing, no long tutorials.
Generate the correct fix
1) Where do you see the 403 error?
- Browser shows a 403 page
- CDN / Cloudflare shows a 403 page
- API request / curl returns 403
- Not sure
2) Recent changes? (optional)
- After deploy
- After config change
- After domain / DNS change
Most likely fix (recommended order)
Step 1 — Permissions (highest success rate)
- Directories:
755 - Files:
644 - Ensure the web server user can read the path
Step 2 — Path mismatch (root / alias)
- Confirm configured
rootoraliaspath exists - Check for typos
- Confirm the directory is not empty
Step 3 — Reload server
- Nginx:
nginx -s reload - Apache:
apachectl graceful
If it’s Cloudflare / CDN 403
- Temporarily verify by disabling the blocking rule (WAF / firewall rule)
- Check IP / country blocking
- Purge cache and retry
If it’s API 403
- Verify token / API key exists
- Check permission / scope
- Retry with minimal required scope
Why this exists
People search “403 forbidden” constantly, yet most answers only list possibilities. This page gives you the next step that usually works.