Are you trying to resolve PHP curl 403 forbidden error?

This guide is for you.

The HTTP 403 Forbidden client error status response code indicates that the server understood the request but refuses to authorize it. This status is similar to 401 , but in this case, re-authenticating will make no difference.

Many of our customers approach us with this curl error. this error occurs due to syntax errors in code and mod-security.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to fix PHP related errors.

In this context, we shall look into the different reasons why 403 forbidden error occurs and their respective fixes.

How to fix PHP curl 403 forbidden ?

1. Syntax errors lead to 403 forbidden error

Recently, one of our customers approached us with this error. 

He tried to execute the following code to download the file using a PHP curl script.

/* gets the data from a URL */
function get_data($url) {
$ch = curl_init();
$timeout = 5;
curl_setopt($ch, CURLOPT_URL, $url);
curl_close($ch);
return $data;

So, we rewrote the code section “function get_data($url) {” as likewise:

$returned_content = get_data('https://(website url name)');

Also, we add this User-Agent with the code.

$userAgent = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)';
curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);

This resolved the PHP curl error for him.

2. mod_security issues causing PHP cURL 403 error

In another case, we had a customer who approached us with the same error after he submitting forms that contain PHP curl.

On investigating, we found that mod_security was enabled.

The mod_security feature scans all POST requests to the web site for forbidden words that might indicate that someone is trying to hack the system.

If this feature conflicts then the Apache will end up throwing an error message.

In order to disable ‘mod_security’ for the website, we go to ‘document root’ of the website. Then we open the .htaccess file.

After that, we add the below code in it.

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

Finally, we save the file.

3. Incorrect coding issue

Coding errors can also cause curl errors.

Here is an example, where our customer was trying to access the site with authentication.

He used the below incorrect code and received 403 forbidden error.

HTTP/1.1 403 Forbidden
content Type; Text/plain
date: wed 27 jan 2021 14:40:19 GMT

The credentials he was using were correct but still was unable to access the site with authentication.

However, Our Support Experts found a solution to this error:

It requires a csrt token (on a page with a form that wants to protect, the server would generate a random string) to log in.

Here, the customer didn’t provide a code to retrieve/post one.

So, we added the below syntax with the code,

curl_setopt($ch, CURLOPT_USERPWD, $username . ":" . $password);

Finally, this fixed the problem.

[Need urgent assistance with curl errors? – We are here to help you. ]