This guide will help you identify and resolve common causes of 403 Forbidden errors when using Bunny Stream. These errors typically relate to security settings that restrict access to your video content.
Library-Specific Settings
Each Bunny Stream video library has its own security settings, which are independent from other libraries. You can find these settings by navigating to:
Stream → Your Video Library → Security → General
Options That Can Trigger 403 Errors
Enable Direct Play
This setting controls whether videos can be played directly by accessing their URL in a browser.
- If disabled, direct links will result in a 403 error.
- Playback will only work when the video is embedded on a website.
What to check: Ensure that Enable Direct Play is turned on if you need to allow direct access to videos.
Allowed / Blocked Domains
These settings control where your videos can be embedded:
-
Allowed Domains: If configured, only domains on this list can embed your videos.
- Make sure the domain you’re using is listed exactly as needed.
- Do not include http:// or https:// just use `domain.com` or `www.domain.com`
- Blocked Domains: If used, any domain listed here will be denied access to your videos.
What to check:
Double-check for typos and make sure the domain you’re embedding from is either:
- Present in Allowed Domains, or
- Not listed in Blocked Domains
Block Direct URL File Access
This setting blocks users from accessing video URLs directly (e.g., by typing the URL in the browser).
When enabled:
- Accessing videos directly (without being embedded) will result in a 403 error unless a valid referrer is sent.
- This feature is commonly used together with Allowed Domains to prevent unauthorized access.
What to check:
If you enabled Direct Play and Block Direct URL File Access at the same time, but did not configure Allowed Domains, you may run into 403 errors even for previews or thumbnails.
To allow access:
- Either disable Block Direct URL File Access, or
- Add your domain to Allowed Domains
Token-Based Authentication
Embed Token Authentication
This feature requires the video embed to include a valid, signed token to authorize playback.
A 403 error may appear if:
- The token is expired
- The token was generated incorrectly
- No token is provided
What to check:
Review your implementation using the Stream Token Authentication Guide
Note: This is an advanced feature intended for developers using custom code to generate embed tokens.
CDN Token Authentication
This applies to direct links (e.g., MP4, HLS, thumbnails, previews). If enabled, these URLs must include a valid token to work.
A 403 error may occur if:
- The token is expired
- The token is incorrect or malformed
- The token is missing
What to check:
Review your implementation using the CDN Token Authentication Guide
Note: Like embed token auth, this also requires a custom token generation setup.
Pull Zone Security Settings
Bunny Stream works in combination with Bunny CDN and Bunny Storage. If you’ve customized your Pull Zone’s advanced settings (e.g., IP allowlists, token authentication, Edge Rules), these may block video playback in certain scenarios.
You can view these settings by going to:
Stream → Your Video Library → API → Pull Zone → Manage
What to check:
If you’re using Bunny’s built-in video player:
- Avoid changing advanced Pull Zone settings unless necessary.
- If you experience issues, consider reverting to default security settings.
For more details, refer to the Bunny CDN Knowledge Base
Need More Help?
If you’re still seeing 403 errors after checking all the above, please reach out to bunny.net support and we’ll be happy to assist you further.