We wrote a custom FBA login page and had it working in our QA system and were in the process of setting it up in our production system when we encountered a "403 Forbidden" error. The page was written as a modification to the FBA pack on CodePlex and thus was located in the /15/template/layouts/FBA/OurCustomFolder directory. After struggling with this for quite some time we finally realized we had set anonymous access on the site permissions in QA to "lists and libraries" (for another reason) and had not made that same change to production.
Making this change fixed our "forbidden" error.
Interestingly, when using the out-of-the-box FBA login page, there was no issue.
Are you a user? 