HTTP403

Description

The 403 Forbidden Error occurs when an employee is not allowed to access a web page or other resource in the web browser.

Possible causes

  1. Access permissions

  2. Latent conditions such as password expiry

  3. Network component

What could be causing this type of problem?

The administrator of the webserver did not grant an employee permission to access the resource. If access is expected, then it is possible that the permissions were set incorrectly.

Also, latent conditions such as password expiration can return the 403 error because while the page is trying to authenticate the employee, the password has already expired.

How to Scope this issue

The first step is to scope the issue to understand how serious or widespread the problem is.

Scoping with Applications

Using Applications Reliability dashboards, look at the various breakdowns and filter them to find correlations. For instance, specific errors could be present on:

Specific applications only

In this instance, try to understand what has changed concerning a particular web application.

Specific OS, browser version

Has something changed? Has the browser been updated recently? Using Nexthink, investigate various browser versions to understand if a specific version is experiencing this issue.

Specific hierarchy nodes

If an infrastructure component such as a network change, a proxy server, or something similar is causing the problem, then it is likely to be shown by a specific area in the hierarchy containing a high quantity of errors.

Specific key pages or URLs

Most likely, it is a change at the web app level. Involve the appropriate application support team.

Specific time frames only

Examine if it is a one-time event that must be investigated, or whether this is a recurring event where something on the network, e.g., corporate backup, may be altering the availability of the network.

Scoping with Nexthink Finder (classic)

Occasionally, the company’s security restrictions prevent the passthrough of the username and password externally. Investigate the path used to access the website. This will show if the connection is affected by the company’s network component (i.e., a proxy server or router). The employee can either provide a valid business reason to request access or accept the limitation.

In this case, you can search for failed connections with the Applications console and start an investigation in Finder. By entering the web address as a criterion in Finder and checking all connections to that domain or website, Finder returns valuable insights into the scope of the issue.

If a proxy server is in question, then Nexthink Finder can help better understand if this is the root cause. Create an investigation targeted at the domain name of the application in question and note whether most of the device traffic is going through a particular proxy. It is also possible to make the proxy server the actual target of the investigation itself and then use it to show various analytics, such as the number of failed requests or response times from the proxy. This approach will reveal any unexpected behaviors.

If available, reconfigure the device to an alternative proxy server. If the requested web page loads correctly, it is a good indication that the company’s proxy server may be the cause of the problem. Inform the teams responsible for the networking and proxy infrastructures within the organization of the issue and the scope of affected devices.
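The scoping by breakdown described above (application, browser version, hierarchy node, and the proxy check) can be reproduced on any export of web request records. The Python below is an added example, not Nexthink code: the rows are constructed sample data, and the column names and the coverage × rate score are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample data (not Nexthink output). Column names are assumptions.
COLUMNS = ("application", "browser", "hierarchy_node", "proxy", "status")
ROWS = [
    ("hr-portal", "Edge 120", "Paris", "proxy-a", 200),
    ("hr-portal", "Chrome 121", "Paris", "proxy-b", 403),
    ("hr-portal", "Edge 120", "Lyon", "proxy-b", 403),
    ("hr-portal", "Chrome 121", "Berlin", "proxy-a", 200),
    ("wiki", "Edge 120", "Paris", "proxy-b", 403),
    ("wiki", "Chrome 121", "Lyon", "proxy-a", 200),
    ("wiki", "Edge 120", "Berlin", "proxy-a", 200),
    ("wiki", "Chrome 121", "Berlin", "proxy-b", 403),
    ("crm", "Edge 120", "Lyon", "proxy-b", 403),
    ("crm", "Chrome 121", "Paris", "proxy-a", 200),
    ("crm", "Edge 120", "Berlin", "proxy-a", 403),
    ("crm", "Chrome 121", "Lyon", "proxy-b", 200),
    ("hr-portal", "Edge 120", "Lyon", "proxy-a", 200),
    ("wiki", "Chrome 121", "Paris", "proxy-a", 200),
    ("crm", "Edge 120", "Paris", "proxy-a", 200),
    ("hr-portal", "Chrome 121", "Berlin", "proxy-a", 200),
]

def rank_breakdowns(rows, columns=COLUMNS, error_status=403):
    """Rank (dimension, value) pairs by how well they explain the 403s."""
    status_idx = columns.index("status")
    totals = defaultdict(int)  # (dimension, value) -> request count
    errors = defaultdict(int)  # (dimension, value) -> 403 count
    all_errors = 0
    for row in rows:
        failed = row[status_idx] == error_status
        all_errors += failed
        for dim, value in zip(columns, row):
            if dim != "status":
                totals[(dim, value)] += 1
                errors[(dim, value)] += failed
    if all_errors == 0:
        return []  # nothing to scope
    ranked = []
    for key, total in totals.items():
        err = errors[key]
        # coverage: share of all 403s at this value; rate: share of its requests that failed
        score = (err / all_errors) * (err / total)
        ranked.append((key[0], key[1], err, total, round(score, 3)))
    return sorted(ranked, key=lambda r: r[4], reverse=True)

if __name__ == "__main__":
    for dim, value, err, total, score in rank_breakdowns(ROWS):
        print(f"{dim:15} {value:10} {err}/{total} 403s  score={score}")
```

In this sample the errors are spread evenly across applications and hierarchy nodes but concentrate on one proxy, which is the pattern that points to a network component rather than a web app change.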

Possible Solutions

Fixing Employee Devices 

NOTICE: Consider the scoping procedures first; see the steps above.

Be aware of the scope of impact when running corrective actions using Nexthink. If you are dealing with a single device or just a few devices, the Remote Actions can be run in the background while you provide help to the affected employees, or they can even be performed silently.

Should the scoping reveal that the incident is widespread, the issue will require more attention. We recommend employing Engage Campaigns to ensure that affected employees will get a visual notification of any changes being performed through remote actions at scale because employees may not be aware of the Remote Action taking place.

Refresh the page

Refreshing the page can be a quick way to fix the problem because usually, the error is a temporary one. Press CTRL+F5, which works on most browsers, or refer to your documentation if needed.

Check if You Have Permission to Access the URL

A restricted website that requires an employee to log in to view its content might be causing the problem. Typically, servers are configured to show an error which informs users that they must be logged in to access the content. Check with individuals who are known to have access to the resource in order to verify if content can be successfully retrieved. This will indicate whether or not access has been granted to the page.

Confirm the password has not expired

Request that employees verify that their password has not expired or that their account has not become locked out. If this is the case, the authentication will fail and the error will appear.

Clear cache

If the cache hasn’t been cleared for a while, some of the files within it may be corrupt. Clearing the cache can help. Select the Basic data clearing option if the user does not want to lose saved passwords and other personalized data.

Use the remote actions to clear the browser cache on Edge or Chrome (‘Clear Edge / Chrome Settings’). Clearing of the cache can be carried out remotely to assist the user.

Double Check the Address

The most common cause of a 403 error is a mistyped URL. Check if the address you are trying to access is for a web page or file and not for a directory. A regular URL would end in .com, .php, .org, .html, or have an extension, while a directory URL would usually end with a “/”.

Most servers are configured to disallow directory browsing for security reasons. When they are properly configured, you should be redirected to a default page. If they are not properly configured, you might get a 403 error.

Infrastructure fixes

If the site being accessed is internal, your local IT department can check whether the employee in question should have access to it or not. If the access is expected by the user, then permission and server issues should be investigated. If no access is granted, then the appropriate approvals must be obtained before granting access.

In some cases, the error can occur because authentication is completely failing for the site, region, or globally. This can be caused by a failure of Active Directory or whichever other authentication service is in use. It is a significant issue with noticeable effects that cause problems on employee devices as well as throughout the network, such as file-sharing becoming unavailable. Notify your IT infrastructure team immediately if you are experiencing such behavior.
