A web server may return a 403 Forbidden HTTP status code in response to a request from a client for a web page or resource to indicate that the server refuses to allow the requested action. In other words, the server can be reached, but the server declined to allow the requested access.
A typical request that may receive a 403 Forbidden response is a GET for a web page, performed by a web browser to retrieve the page for display to a user in a browser window. The web server may return a 403 Forbidden status for other types of requests as well.
The Apache web server returns 403 Forbidden in response to requests for url paths that correspond to filesystem directories, when directory listings have been disabled in the server. Some administrators configure the mod_proxy extension to Apache to block such requests, and this will also return 403 Forbidden. Microsoft IIS responds in the same way when directory listings are denied in that server. In WebDAV, the 403 Forbidden response will be returned by the server if the client issued a PROPFIND request but did not also issue the required Depth header, or issued a Depth header of infinity.)
403 substatus error codes for IIS 
- 403.1 - Execute access forbidden.
- 403.2 - Read access forbidden.
- 403.3 - Write access forbidden.
- 403.4 - SSL required.
- 403.5 - SSL 128 required.
- 403.6 - IP address rejected.
- 403.7 - Client certificate required.
- 403.8 - Site access denied.
- 403.9 - Too many users.
- 403.10 - Invalid configuration.
- 403.11 - Password change.
- 403.12 - Mapper denied access.
- 403.13 - Client certificate revoked.
- 403.14 - Directory listing denied.
- 403.15 - Client Access Licenses exceeded.
- 403.16 - Client certificate is untrusted or invalid.
- 403.17 - Client certificate has expired or is not yet valid.
- 403.18 - Cannot execute request from that application pool.
See also 
External links