Blog

403 Forbidden Error

403 Forbidden

403 Forbidden Errors – Finding and Fixing the Source

A 403 Forbidden error is a particular type of error that occurs when trying to access a URL.  If you’re seeing a 403 Forbidden error, there are two possible causes.  It could be due to a deliberate restriction of that particular resource – for example, removal of file permission, or restriction of access based on the IP address of the user.  The second possible cause is accidental misconfiguration of the webserver such as Apache or IIS.

This article will demonstrate the various restrictions and configurations that could cause it.  We’ll be using an Apache web server, IIS 7.5 on the server side, and Google Chrome as the client side browser.

What type of restrictions or configurations could be causing 403 error?

  1. Lack of file or resource permissions.
  2. IP restriction (country-based, or a single IP restriction)
  3. Other server side misconfiguration issues.

Lack of File or Resource Permissions.

As mentioned, a lack of proper permission access to the file or resource can cause 403 forbidden error.

This will result in a 403 error, sometimes combined with a 404 file not found error stating the following message:

“Forbidden

You don’t have permission to access /asd.html on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.”

However, the title of the web page will display a 403 Forbidden error.

403-forbidden-1

 

Fixing File or Folder Permission in order to rectify a http 403 Forbidden error

To fix a http 403 error, you should set proper permissions for a folder or a file.  Normal file permission is 644 and folder permission is 755. File/folder permissions can be set using variety of ways.  In Windows Web Hosting, it’s simply set using IIS. In Linux web hosting you can change permissions using terminal and chmod command.

How to Set permissions using IIS 7.5 in Microsoft Windows Server 2008 R2

Open Internet Information Service Manager:

403-forbidden-8

 

Select the relevant website or folder, and set the necessary permissions via “Edit Permissions”.

403-forbidden-9

 

However, if you are using shared hosting, you may not be able to access the IIS Manager or the Apache configuration file to set file/folder permissions.  In this case, permissions can be easily set using FileZilla FTP client, or through the cPanel interface for the particular web resource.

You can download the FileZilla FTP client from the URL below:

http://filezilla-project.org/download.php?type=client

Install it and run.  Then access the web resource using your FTP details in the area marked as (1).  Right click and select the file or folder for which you intend to change permission, and select the “File Permissions …” option in the area marked as (2).

403-forbidden-3

In the following screenshot we show how to fix the permission of a folder which generates a 403 error. The rectified permission value will be 755. If you are having an issue with file permission, you should set the file’s permission value to 644 instead of 755.

403-forbidden-4

Some hosting services will not allow you to change file permissions using the method above. In that case, you may need to contact your host’s support services in order to change file permissions.

 

IP restriction (country based or single IP restriction)

If the cause of the 403 error is restricted access based on IP address, you will see a message somewhat similar this:

“Forbidden

You don’t have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while typing an ErrorDocument to handle the request. “

403-forbidden-1

 

 

If you have cPanel access, check whether you have properly configured the IP Deny Manager. It may be that you have added your own IP range accidentally.  If so, click on IP Deny Manager and remove any unnecessary IP deny lists.

403-forbidden-5

 

If it is an Apache server, you can do this by editing “.htaccess” file. To edit the .htaccess file you must have direct access to files in the hosting space, or you may use FTP or SSH.

You can download and editing “.htaccess” file using a text editor such as Notepad.

In the “.htaccess” file you may see something similar to the lines below.  Edit or remove deny lists as you wish:

(Blocking a single IP addresses using “.htaccess”)

deny from 175.157.48.119

or

(Blocking a range of IP addresses using “.htaccess”)

deny from 10.5.3.0/24

Sometimes the “.htaccess” file is not visible in the hosting space, and as such can’t be found for viewing or download.  If so, you need to enable viewing of hidden files by clicking the “Server” tab and ticking the “force showing hidden files” box in your FileZilla FTP client.

403-forbidden-7

Removing IP restrictions Using IIS 7.5 in Microsoft Windows Server 2008 R2

Select the website or directory in the Internet Information Services Manager and click on “IP Address and Domain Restrictions”:

403-forbidden-10

 

Remove unnecessary IP addresses or ranges, as below:

403-forbidden-11

 

403 Forbidden Errors due to Other Serverside Misconfigurations – and How to Rectify

403 Forbidden errors can occur if there’s no default index page present when directory browsing is denied.

For example if you are using IIS 7.5 in Microsoft Windows Server 2008 R2, you will receive something similar to the 403 Forbidden error below, if directory browsing is denied.  This error will be 403.14 – directory listing denied.

403-forbidden-12

Fix the 403.14 error by either creating an index.html /index.php file, or enabling the directory browsing.

How to Enable Directory Browsing in IIS 7.5 in Microsoft Windows Server 2008 R2

Open IIS Manager and select the appropriate web folder/website, and click on “Directory Browsing”:

403-forbidden-13

 

Then click on enable …

403-forbidden-14

 

403 Forbidden – Additional Possibility

Other than above causes, there’s one other possible source of a 403 Forbidden error if you are using Apache.  It’s possible that the error stems from your mod_security rules if directory listings have been disabled in the server using the mod_proxy extension.  It may be worth checking those settings if you are using an Apache server.

 

Watch the Video

Posted in: Technical Topics

Leave a Comment (0) →