According to Cloudflare, if you see a 403 error without CloudFlare branding, it might be related to permission rules on the webserver that is hosting your website or application and not CloudFlare.
The top reasons for this error are:
- Permission rules you have set or an error in the .htaccess rules you have set
- Mod_security rules.
- IP Deny rules
Since CloudFlare obviously cannot access your server or ours directly, please contact our technical support team for assistance with resolving 403 errors and fixing rules.
Though always whitelisted, we may need to make sure that CloudFlare's CIDR isn't being blocked before delving further.
If you see a 403 response that contains CloudFlare branding in the response body, this is the HTTP response code returned along with many of Cloudflare's security features:
- Web Application Firewall challenge and block pages
- Basic Protection level challenges
- Most 1xxx CloudFlare error codes
If you're attempting to access the second level of subdomains (eg-*.*.example.com) through CloudFlare using the CloudFlare-issued certificate, an HTTP 403 error will be seen in the browser as these hostnames are not present on the certificate.
If you have questions contact Cloudflare Support and include a screenshot of the message you see or copy all the text on the page into a support ticket.
