You may encounter the following error log in Artifactory, when attempting to download an artifact:
HTTP Error Code 403: Artifact download request rejected: <ARTIFACT_PATH> was not downloaded due to the download blocking policy configured in Xray for <REPO_NAME>.
Note
Please verify that the artifact you are trying to access is currently scanned and that its retention period has not expired.
To determine which watches and policies are preventing the download of artifacts, please follow the steps outlined below-
1. Trace the Watch and Policy Blocking the Download-
Use the Get Policies API to check for policies that have the "block_download" fields set to “true”.
The API response will be similar to the following example:
[
{
"name": "Test_policy",
"type": "security",
"author": "admin",
"rules": [
{
"name": "block_downloads",
"priority": 1,
"actions": {
"block_download": {
"unscanned": true,
"active": true
}
},
"criteria": {
"fix_version_dependant": false,
"malicious_package": false,
"min_severity": "All severities"
}
}
],
"created": "2025-04-17T09:08:14.507Z",
"modified": "2025-04-17T09:08:14.507Z"
}
]
2. Locate the Corresponding Watch-
Next, use the Get Watches API to find the specific watch associated with the policy name identified in the previous step.
Ensure to check if your repository is blocked either independently or as part of a broader "All Repositories" policy.
For a specific repository, such as "example-local-repo", the API response will appear as follows-
[
{
"general_data": {
"id": "1234",
"name": "Test_watch",
"active": true
},
"project_resources": {
"resources": [
{
"type": "repository",
"name": "example-repo-local",
"bin_mgr_id": "default",
"repo_type": "local"
}
]
},
"assigned_policies": [
{
"name": "Test_policy",
"type": "security"
}
],
"ticket_generation": {
"create_duplicate_tickets": {
"by_version": {
"build": false,
"package": false,
"release_bundle": false
}
},
"impact_path_profiles_mapping": {},
"create_tickets_for_ignored_violation": false
}
}
]
For policies affecting “All Repositories”, the response will appear as follows-
[
{
"general_data": {
"id": "1234",
"name": "Test_watch",
"active": true
},
"project_resources": {
"resources": [
{
"type": "all-repos",
"name": "All Repositories",
"bin_mgr_id": "default"
}
]
},
"assigned_policies": [
{
"name": "Test_policy",
"type": "security"
}
],
"ticket_generation": {
"create_duplicate_tickets": {
"by_version": {
"build": false,
"package": false,
"release_bundle": false
}
},
"impact_path_profiles_mapping": {},
"create_tickets_for_ignored_violation": false
}
}
]
By following the above steps, you should be able to identify and address the download blocking watches and policies that are resulting in the HTTP 403 error.