WebDAV (Nextcloud) errors with 403 Forbidden

What is the problem you are having with rclone?

WebDAV remote (Nextcloud) returns 403 Forbidden. I suspect that rclone sends wrong password, because the exact same settings work with another WebDAV client (cadaver).

Run the command 'rclone version' and share the full output of the command.

$ rclone version                                                                                                                  (base) 
rclone v1.68.1
- os/version: ubuntu 22.04 (64 bit)
- os/kernel: 6.11.0-102007-tuxedo (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.23.1
- go/linking: static
- go/tags: none

Which cloud storage system are you using? (eg Google Drive)

Nextcloud

The command you were trying to run (eg rclone copy /tmp remote:tmp)

$ rclone ls NextCloud:                                                                                                            
2024/10/07 22:09:44 ERROR : : error listing: couldn't list files: <html><head><title>403 Forbidden</title><link href='//fonts.bunny.net/css?family=Rubik:300,400,500' rel='stylesheet' type='text/css'><style>html, body { width: 100%; margin: 0; padding: 0; text-align: center; font-family: 'Rubik'; background-image: url('<snip>'); background-repeat: no-repeat; background-position: bottom center; background-size: cover; color: white; height: 100%; background-color: #051f37; } h1 {margin-bottom: 0px;font-weight: bold;font-size: 140px;font-weight: 500;padding-top: 130px;margin-bottom: -35px;}h2 {font-size: 45px;color: white; font-weight: 200;}</style></head><body><div id='content'><h1 style='margin-bottom: -35px;'>403</h1><h2>Forbidden</h2></div></body></html>: 403 Forbidden
2024/10/07 22:09:44 NOTICE: Failed to ls with 2 errors: last error was: couldn't list files: <html><head><title>403 Forbidden</title><link href='//fonts.bunny.net/css?family=Rubik:300,400,500' rel='stylesheet' type='text/css'><style>html, body { width: 100%; margin: 0; padding: 0; text-align: center; font-family: 'Rubik'; background-image: url('<snip>'); background-repeat: no-repeat; background-position: bottom center; background-size: cover; color: white; height: 100%; background-color: #051f37; } h1 {margin-bottom: 0px;font-weight: bold;font-size: 140px;font-weight: 500;padding-top: 130px;margin-bottom: -35px;}h2 {font-size: 45px;color: white; font-weight: 200;}</style></head><body><div id='content'><h1 style='margin-bottom: -35px;'>403</h1><h2>Forbidden</h2></div></body></html>: 403 Forbidden

Please run 'rclone config redacted' and share the full output. If you get command not found, please make sure to update rclone.

[NextCloud]
type = webdav
url = https://<mydomain>/remote.php/dav/files/inv
vendor = nextcloud
user = XXX
pass = XXX

[NextCloudEncrypted]
type = crypt
remote = NextCloud:Encrypted
filename_encryption = standard
directory_name_encryption = true
password = XXX

[yadisk]
type = yandex
token = XXX

A log from the command that you were trying to run with the -vv flag

2024/10/07 22:11:45 NOTICE: Automatically setting -vv as --dump is enabled
2024/10/07 22:11:45 DEBUG : rclone: Version "v1.68.1" starting with parameters ["rclone" "ls" "NextCloud:" "--retries" "1" "--low-level-retries" "1" "--dump" "bodies" "--transfers" "1" "-vv"]
2024/10/07 22:11:45 DEBUG : Creating backend with remote "NextCloud:"
2024/10/07 22:11:45 DEBUG : Using config file from "/home/inv/.config/rclone/rclone.conf"
2024/10/07 22:11:45 DEBUG : found headers: 
2024/10/07 22:11:45 DEBUG : You have specified to dump information. Please be noted that the Accept-Encoding as shown may not be correct in the request and the response may not show Content-Encoding if the go standard libraries auto gzip encoding was in effect. In this case the body of the request will be gunzipped before showing it.
2024/10/07 22:11:45 DEBUG : Chunks temporary upload directory: https://<mydomain>/remote.php/dav/uploads/inv/
2024/10/07 22:11:45 DEBUG : >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2024/10/07 22:11:45 DEBUG : HTTP REQUEST (req 0xc00081a3c0)
2024/10/07 22:11:45 DEBUG : PROPFIND /remote.php/dav/files/inv/ HTTP/1.1
Host: <mydomain>
User-Agent: rclone/v1.68.1
Content-Length: 308
Authorization: XXXX
Depth: 1
Referer: https:/<mydomain>/remote.php/dav/files/inv/
Accept-Encoding: gzip

<?xml version="1.0"?>
<d:propfind  xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns">
 <d:prop>
  <d:displayname />
  <d:getlastmodified />
  <d:getcontentlength />
  <d:resourcetype />
  <d:getcontenttype />
  <oc:checksums />
  <oc:permissions />
 </d:prop>
</d:propfind>
2024/10/07 22:11:45 DEBUG : >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2024/10/07 22:11:45 DEBUG : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2024/10/07 22:11:45 DEBUG : HTTP RESPONSE (req 0xc00081a3c0)
2024/10/07 22:11:45 DEBUG : HTTP/2.0 403 Forbidden
Cdn-Pullzone: 2487957
Cdn-Requestcountrycode: DE
Cdn-Requestid: a143ba615fb8dadc401c7105f3ddfbfb
Cdn-Uid: 168c8a10-b575-47db-be43-bca6f09224ea
Content-Type: text/html
Date: Mon, 07 Oct 2024 20:11:45 GMT
Server: BunnyCDN-DE1-1080
Vary: Accept-Encoding

<html><head><title>403 Forbidden</title><link href='//fonts.bunny.net/css?family=Rubik:300,400,500' rel='stylesheet' type='text/css'><style>html, body { width: 100%; margin: 0; padding: 0; text-align: center; font-family: 'Rubik'; background-image: url('<snip>'); background-repeat: no-repeat; background-position: bottom center; background-size: cover; color: white; height: 100%; background-color: #051f37; } h1 {margin-bottom: 0px;font-weight: bold;font-size: 140px;font-weight: 500;padding-top: 130px;margin-bottom: -35px;}h2 {font-size: 45px;color: white; font-weight: 200;}</style></head><body><div id='content'><h1 style='margin-bottom: -35px;'>403</h1><h2>Forbidden</h2></div></body></html>
2024/10/07 22:11:45 DEBUG : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2024/10/07 22:11:45 ERROR : : error listing: couldn't list files: <html><head><title>403 Forbidden</title><link href='//fonts.bunny.net/css?family=Rubik:300,400,500' rel='stylesheet' type='text/css'><style>html, body { width: 100%; margin: 0; padding: 0; text-align: center; font-family: 'Rubik'; background-image: url('<snip>'); background-repeat: no-repeat; background-position: bottom center; background-size: cover; color: white; height: 100%; background-color: #051f37; } h1 {margin-bottom: 0px;font-weight: bold;font-size: 140px;font-weight: 500;padding-top: 130px;margin-bottom: -35px;}h2 {font-size: 45px;color: white; font-weight: 200;}</style></head><body><div id='content'><h1 style='margin-bottom: -35px;'>403</h1><h2>Forbidden</h2></div></body></html>: 403 Forbidden
2024/10/07 22:11:45 DEBUG : 5 go routines active
2024/10/07 22:11:45 NOTICE: Failed to ls with 2 errors: last error was: couldn't list files: <html><head><title>403 Forbidden</title><link href='//fonts.bunny.net/css?family=Rubik:300,400,500' rel='stylesheet' type='text/css'><style>html, body { width: 100%; margin: 0; padding: 0; text-align: center; font-family: 'Rubik'; background-image: url('<snip>'); background-repeat: no-repeat; background-position: bottom center; background-size: cover; color: white; height: 100%; background-color: #051f37; } h1 {margin-bottom: 0px;font-weight: bold;font-size: 140px;font-weight: 500;padding-top: 130px;margin-bottom: -35px;}h2 {font-size: 45px;color: white; font-weight: 200;}</style></head><body><div id='content'><h1 style='margin-bottom: -35px;'>403</h1><h2>Forbidden</h2></div></body></html>: 403 Forbidden

Here is comparison between rclone and cadaver (I use fish shell):

$ set PASSWORD "<redacted>"
$ set LOGIN "inv
$PASSWORD"
$ echo $LOGIN | cadaver https://<mydomain>/remote.php/dav/files/inv                                               
Authentication required for Nextcloud on server <mydomain>':
Username: inv
dav:/remote.php/dav/files/inv/> 
Connection to `<mydomain>' closed.
$ rclone ls NextCloud: --webdav-pass $(echo -n $PASSWORD | rclone obscure -)
<error from op post>

welcome to the forum,

403 is usually a permissions error returned from the server.
i could be wrong, but, to get that error, would imply a successful login.

401 is usually a username/password error returned from the server.
and that can be tested

# use correct password
rclone ls webdav: --webdav-pass $(echo -n mdjca76fjwswlbvz | rclone obscure - )
        4 zork/file.ext

# use incorrect password
rclone ls webdav: --webdav-pass $(echo -n badpassword | rclone obscure - )
CRITICAL: Failed to create file system for "webdav:redacted.com/files":
read metadata failed: Incorrect username or password.: 401 Unauthorized

# use correct password
cadaver https://webdav.redacted.com
Authentication required for webdav.redacted.com on server `webdav.redacted.com':
Username: redacted@redacted.com
Password:
dav:/>

# use incorrect password
cadaver https://webdav.redacted.com
Authentication required for webdav.redacted.com on server `webdav.redacted.com':
Username: redacted@redacted.com
Password:
Authentication required for webdav.redacted.com on server `webdav.redacted.com':

Aha, by transforming requests to curl and experimenting I found out that my nextcloud provider for some reason blacklisted User-Agent: rclone/....

Thankfully rclone has --user-agent flag. Is it possible to permanently overwrite it for one of the remotes? Does anyone possibly know what user agent does nextcloud desktop uses so I could mimic it?

ok, makes sense, as your issue did not seem related to password.

--user-agent is a global flag that applies to the command.
as a result, cannot add that flag to a remote in the rclone config file.

can set an environment variable, something like this and then run rclone command.
export RCLONE_USER_AGENT="abcd"

i would try one from https://whatmyuseragent.com/apps/nextcloud

if you must to know the exact user agent used by nextcloud desktop, post at nextcloud forum
or use a web debugging proxy such as charlesproxy

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.