Troubleshooting Bunny Stream 403 Errors

This guide will help you identify and resolve common causes of 403 Forbidden errors when using Bunny Stream. These errors typically relate to security settings that restrict access to your video content.

Library-Specific Settings

Each Bunny Stream video library has its own security settings, which are independent from other libraries. You can find these settings by navigating to:

Stream → Your Video Library → Security → General

1.png
 

Options That Can Trigger 403 Errors

Enable Direct Play

This setting controls whether videos can be played directly by accessing their URL in a browser.

  • If disabled, direct links will result in a 403 error.
  • Playback will only work when the video is embedded on a website.

What to check: Ensure that Enable Direct Play is turned on if you need to allow direct access to videos.

2.png
 

Allowed / Blocked Domains

These settings control where your videos can be embedded:

  • Allowed Domains: If configured, only domains on this list can embed your videos.
    • Make sure the domain you’re using is listed exactly as needed.
    • Do not include http:// or https:// just use `domain.com` or `www.domain.com`
  • Blocked Domains: If used, any domain listed here will be denied access to your videos.

What to check:

Double-check for typos and make sure the domain you’re embedding from is either:

  • Present in Allowed Domains, or
  • Not listed in Blocked Domains
3.png
 

Block Direct URL File Access

This setting blocks users from accessing video URLs directly (e.g., by typing the URL in the browser).

When enabled:

  • Accessing videos directly (without being embedded) will result in a 403 error unless a valid referrer is sent.
  • This feature is commonly used together with Allowed Domains to prevent unauthorized access.

What to check:

If you enabled Direct Play and Block Direct URL File Access at the same time, but did not configure Allowed Domains, you may run into 403 errors even for previews or thumbnails.

To allow access:

  • Either disable Block Direct URL File Access, or
  • Add your domain to Allowed Domains
f6afde6d-b2da-4f52-91a1-8e2078252fc2.png
 

Token-Based Authentication

Embed Token Authentication

This feature requires the video embed to include a valid, signed token to authorize playback.

A 403 error may appear if:

  • The token is expired
  • The token was generated incorrectly
  • No token is provided

What to check:

Review your implementation using the Stream Token Authentication Guide

Note: This is an advanced feature intended for developers using custom code to generate embed tokens.

ee1fb699-1004-4c4e-9f96-1120e224689e.png
 

 


CDN Token Authentication

This applies to direct links (e.g., MP4, HLS, thumbnails, previews). If enabled, these URLs must include a valid token to work.

A 403 error may occur if:

  • The token is expired
  • The token is incorrect or malformed
  • The token is missing

What to check:

Review your implementation using the CDN Token Authentication Guide

Note: Like embed token auth, this also requires a custom token generation setup.

7b6866a2-4d82-4212-968b-1b322dd42378.png
 

Pull Zone Security Settings

Bunny Stream works in combination with Bunny CDN and Bunny Storage. If you’ve customized your Pull Zone’s advanced settings (e.g., IP allowlists, token authentication, Edge Rules), these may block video playback in certain scenarios.

You can view these settings by going to:

Stream → Your Video Library → API → Pull Zone → Manage

 
2505a2c6-3553-4b6a-ac99-60dcd40f69a1.png

What to check:

If you’re using Bunny’s built-in video player:

  • Avoid changing advanced Pull Zone settings unless necessary.
  • If you experience issues, consider reverting to default security settings.

For more details, refer to the Bunny CDN Knowledge Base


Need More Help?

If you’re still seeing 403 errors after checking all the above, please reach out to bunny.net support and we’ll be happy to assist you further.

 

Table of Contents

Was this article helpful?
11 out of 43 found this helpful