If you're seeing a 403 error without CloudFlare branding, this is always returned directly from the web server, not CloudFlare, and is generally related to permission rules on your server.
The top reasons for this error are:
1. Permission rules you have set or an error in the .htaccess rules you have set.
2. Mod_security rules.
3. IP Deny rules
Since CloudFlare can not access your server directly, please contact your hosting provider for assistance with resolving 403 errors and fixing rules. You should make sure that CloudFlare's IPs aren't being blocked.
If you're seeing a 403 response that contains CloudFlare branding in the response body, this is the HTTP response code returned along with many of our security features:
- Web Application Firewall challenge and block pages
- Basic Protection level challenges
- Most 1xxx CloudFlare error codes
- The Browser Integrity Check
- If you're attempting to access a second level of subdomains (eg-
*.*.example.com) through CloudFlare using the CloudFlare-issued certificate, a HTTP 403 error will be seen in the browser as these host names are not present on the certificate.
If you have questions as to why you're seeing a CloudFlare branded 403, please include a screenshot of the message you see or copy the all the text on the page into a support ticket.