Score:0

Inconsistent 403 Forbidden issues with images on a website


I am getting inconsistent HTTP 403 Forbidden results when requesting images embedded on a webpage. This is happening more frequently in Firefox, but occasionally also happens in Chrome. This website has been used for many years and this just popped up a few weeks ago. I control both the website and the server and am not sure how to troubleshoot this issue. When I refresh the page, it seems to be a different combination of resources that causes the issue.

Response:

HTTP/1.1 403 Forbidden
Server: Microsoft-IIS/8.5
X-UA-Compatible: IE=Edge
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000; includeSubDomains;
P3P: Our site does not have a P3P Policy, please see our privacy policy for more information.
Date: Fri, 15 Apr 2022 17:34:15 GMT
Content-Length: 0

Request:

GET /bonds/images/exclamation.png HTTP/1.1
Host: <Redacted>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: <Redacted>
Cookie: <Redacted>
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Mon, 04 Apr 2022 20:03:08 GMT
Cache-Control: max-age=0
It's just 1 server? No load-balancer sending some traffic to a wrong backend? Have you enabled server logging? https://docs.microsoft.com/en-us/iis/manage/provisioning-and-managing-iis/configure-logging-in-iis
Focus on the who, what and when to start with. Does _everyone_ get 403s at the same time? If so, what times? (scan your logs for timestamps) When does it start working again? Are _some_ users getting them _all_ of the time? Is it only specific images? Understanding the pattern can point you in the right direction. Perhaps some built-in rate-limiting on resource or source IP?
You really need the help of FRT to learn more about the 403 errors: https://docs.microsoft.com/en-us/iis/troubleshoot/using-failed-request-tracing/troubleshooting-failed-requests-using-tracing-in-iis. Without that, no serious discussion can be made.
Score:0

In this case, it appears the issue was being caused by the dynamic IP restrictions limit, and increasing the max concurrent requests solved the issue.
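
An added example, not part of the original posts: when Dynamic IP Restrictions denies a request with 403, IIS records sub-status 501 (concurrent-request limit) or 502 (request-rate limit), so the W3C log can confirm this cause before any limit is raised. The script assumes the log includes the `sc-substatus` field; the sample log lines, client addresses and `logo.png` are constructed for illustration.

```python
from collections import Counter

# Sub-statuses IIS logs when Dynamic IP Restrictions denies with 403.
DIPR = {"501": "concurrent-request limit", "502": "request-rate limit"}

# Constructed sample W3C log (addresses and logo.png are made up).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-substatus sc-win32-status
2022-04-15 17:34:15 203.0.113.7 GET /bonds/images/exclamation.png 403 501 0
2022-04-15 17:34:15 203.0.113.7 GET /bonds/images/logo.png 403 501 0
2022-04-15 17:34:15 203.0.113.7 GET /bonds/default.aspx 200 0 0
2022-04-15 17:34:16 198.51.100.20 GET /bonds/images/ 403 14 0
2022-04-15 17:34:17 198.51.100.20 GET /bonds/images/logo.png 304 0 0
2022-04-15 17:34:18 203.0.113.7 GET /bonds/images/logo.png 403 502 0
"""

def parse_w3c(text):
    """Yield one dict per request line, keyed by the latest #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # header can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):     # skip truncated lines
                yield dict(zip(fields, values))

def summarize_403(text):
    """Count 403s by sub-status, and throttled 403s by client IP."""
    by_substatus, throttled_clients = Counter(), Counter()
    for row in parse_w3c(text):
        if row.get("sc-status") != "403":
            continue
        sub = row.get("sc-substatus", "?")
        by_substatus[sub] += 1
        if sub in DIPR:                        # denied by Dynamic IP Restrictions
            throttled_clients[row.get("c-ip", "?")] += 1
    return by_substatus, throttled_clients

if __name__ == "__main__":
    subs, clients = summarize_403(SAMPLE_LOG)
    for sub, n in subs.most_common():
        print(f"403.{sub}: {n}  {DIPR.get(sub, 'not a dynamic IP restriction')}")
    for ip, n in clients.most_common():
        print(f"throttled client {ip}: {n} request(s)")
```

A burst of 403.501 entries from one client within the same second, as in the sample, matches a browser fetching many page resources in parallel and exceeding the concurrent-request limit.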
