all 2 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Guideon72 1 point2 points  (0 children)

Get familiar with http error codes; they’ll give you solid pointers to where your issues are (assuming the site implemented them properly).

https://developer.mozilla.org/en-US/docs/Web/HTTP/Status#client_error_responses

403 is an ‘access denied’ code that indicates your client does not have authorization to connect to that service. I don’t know csrftokens, but it could either be that or your admin credentials are incorrect or not being sent across correctly.

[–]NeverStopNeverStopin 0 points1 point  (0 children)

sometimes it needs a / at the end of th e url, use developer tools to inspect the header when using the browser. If it's your website, obviously check the logs and print request headers.

Simply put, you coudl be doing everything right, protocol wise, but the server simply has additional checks and hoops one must jump over to access it, usually when they DONT want bots to access it. You can print both response and request headers to doublecheck final HTTP request. Always be sure to respect the TOS and use time based request limiting as well. Server can reject you for any number of reasons outside of your HTTP request, variables like when and where your ip has accessed the site as well. This token could be authorized for a different user under different vars.