Apache 403 Forbidden — Access Denied

WebServerErrors Apache Reconnaissance / Access Violation

What This Means

Diagnose Apache HTTP 403 Forbidden errors. Detect unauthorized access attempts, .htaccess misconfigurations, and mod_security blocks on your Apache web server.

Example Log

203.0.113.55 - - [08/Mar/2026:15:30:12 +0000] "GET /.env HTTP/1.1" 403 498 "-" "python-requests/2.28.0"

Indicators of Suspicious Activity

403 responses from mod_security blocking malicious request patterns
Requests targeting sensitive files (.env, .htpasswd, .git/config, wp-config.php)
High volume of 403s from automated scanning tools
403 errors on directory requests where Options -Indexes is set
Requests with encoded traversal sequences blocked by Apache
403 from IP-based access controls in .htaccess or VirtualHost config

How to Investigate

Check the Apache error log for the specific reason (file permissions, .htaccess, mod_security)
Review mod_security audit log for rule IDs that triggered the block
Verify file and directory permissions match Apache user expectations
Test .htaccess rules for unintended blocking of legitimate requests
Correlate source IPs with other error codes and threat intelligence
Check if mod_security is running in DetectionOnly mode or blocking mode

Recommended Mitigations

Configure Apache to deny access to hidden files and sensitive extensions by default
Tune mod_security rules to minimize false positives while maintaining protection
Use Require ip directives to restrict admin areas to known IP ranges
Enable and configure mod_evasive for automated brute force protection
Customize Apache ErrorDocument 403 to return a generic page
Review .htaccess files regularly for security and correctness

Scan This Log Instantly

Paste a suspicious log line below and get an instant AI-powered security assessment.

0 / 2000

What is 5 + 9?

Need a Full Investigation?

Scan entire log files, detect attack patterns, reconstruct timelines, and generate a full investigation report.

Run Smart Scan

Related Log Types

Related Attack Patterns

Frequently Asked Questions

What causes Apache 403 Forbidden errors? ▼

Apache returns 403 when access is denied by file permissions, .htaccess rules, Require directives, mod_security rules, or Options -Indexes on directories without an index file.

How do I check why Apache returned 403? ▼

Check the Apache error log (usually /var/log/apache2/error.log). It will show the specific reason: client denied by server configuration, file permissions, or mod_security rule match.

What is mod_security and how does it cause 403s? ▼

mod_security is a web application firewall module for Apache. It inspects requests against rule sets (like OWASP CRS) and returns 403 when a request matches a known attack pattern.