A web server may return an HTTP 403 Forbidden status in response to a request from a client for a web page or it may indicate that the server can be reached and process the request but refuses to take any further action. HTTP status code 403 responses are the result of the web server being configured to deny access to the requested resource by the client.
A common request that may result in a 403 Forbidden response is a HTTP GET request for a web page performed by a web browser to retrieve the page for display to a user in a browser window. The web server may return a 403 Forbidden status for other types of requests as well.
The Apache web server returns 403 Forbidden in response to requests for URL paths that correspond to file systemdirectories when directory listings have been disabled in the server and there is no Directory Index directive to specify an existing file to be returned to the browser. Some administrators configure the Mod proxy extension to Apache to block such requests and this will also return 403 Forbidden. Microsoft IIS responds in the same way when directory listings are denied in that server. In WebDAV, the 403 Forbidden response will be returned by the server if the client issued a PROPFIND request but did not also issue the required Depth header or issued a Depth header of infinity