diff --git a/app/__init__.py b/app/__init__.py
index cb79105..7542bd0 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -319,6 +319,15 @@ def create_app():
             return {'error': 'not found'}, e.code
         else:
             return render_template('common/404.html'), e.code
+
+    @app.errorhandler(403)
+    def _handle_403(e):
+        if request.path.startswith('/hyperapi/'):
+            return '<h1>forbiddedn</h1>', e.code
+        elif request.path.startswith('/api/'):
+            return {'error': 'forbidden'}, e.code
+        else:
+            return render_template('common/403.html'), e.code
     #
     # @app.errorhandler(413)
     # def _handle_413(e):
diff --git a/app/templates/common/403.html b/app/templates/common/403.html
new file mode 100644
index 0000000..1550ec1
--- /dev/null
+++ b/app/templates/common/403.html
@@ -0,0 +1,8 @@
+{%- from 'common/macros.html' import subheader -%}
+{%- extends 'base.html' -%}
+{%- block title -%}Forbidden{%- endblock -%}
+{%- block content -%}
+{%- call() subheader('403 Forbidden') -%}
+<span>You are not allowed to access this page or perform this action.</span>
+{%- endcall -%}
+{%- endblock -%}
diff --git a/app/templates/common/404.html b/app/templates/common/404.html
index 6c4da8e..fff9448 100644
--- a/app/templates/common/404.html
+++ b/app/templates/common/404.html
@@ -3,6 +3,6 @@
 {%- block title -%}Not found{%- endblock -%}
 {%- block content -%}
 {%- call() subheader('404 Not Found') -%}
-<span>The requested URL was not found.</span>
+<span>The requested page was not found.</span>
 {%- endcall -%}
 {%- endblock -%}