HTTP 403 Forbidden
The server understood the request and the client is authenticated, but they don't have permission.
What it means
403 means "I know who you are, but you can't do this." Authentication succeeded; authorization failed. The client shouldn't retry the same request — they need different credentials, more permissions, or to be on a different IP/network.
403 is also often used for WAF and bot-blocking responses ("your IP has been flagged"). If a monitor suddenly starts seeing 403s from an endpoint that worked yesterday, the most common cause is the monitoring egress IP getting blocked by a security rule.
Common causes
- Insufficient permissions or role
- WAF / firewall blocking the source IP
- Bot detection rule triggered by the User-Agent
- Region-restricted content (geo-block)
- Disabled or suspended account
How to fix it
- 1Verify the account has the required permissions
- 2Allowlist the monitoring source IPs in WAF / Cloudflare / firewall rules
- 3Set a recognizable User-Agent string on the monitor
How Uptimera reports 403
Uptimera flags 403 as down. For sites behind Cloudflare or another WAF, add Uptimera's egress IPs to the allowlist (see docs) so production checks aren't blocked.
Catch 403s before your customers do
Uptimera monitors your URLs from multiple regions and alerts the moment a 403 starts firing. Free plan included.