The 403 Forbidden error means that access to the page or resource you were trying to reach is blocked for some reason. This article will explain what that means and how to fix it. Remember that you likely won’t be able to fix it since the error is generated by a website you probably don’t control.
What are the Causes of 403 Forbidden Error?
1. Incorrect File Permission
The most common reason behind this error is files and folder permissions on the webserver. This can be easily fixed by checking the permission settings in your File Manager under cPanel. We will discuss this further in detail in the subsequent sections.
The ideal folder permissions on a web server should look like this:
- Permission Status for Folders: 755
- Static Content: 644
- Dynamic Content: 700
Understanding File Permissions
- 7: Stands for full access (Read, Write, Execute)
- 6: for the Only Read and Write Access
- 5: Stands for Reading and Execute
- 4: Only Read Access
- 0: Stands for No Access Rights
The 3 digits in the permission codes specify Owner | Group | Public in that order
So, if a folder permission code looks like 7|5|4 it means the owner has full access (7), while Group can Read and Execute (5) while Public/Everyone else can only Read (4) the resource.
These codes can be changed under File Manager if you are using a cPanel. File permissions can also be changed using an FTP tool like FileZilla.
What does the Read/Write/Execute mean?
- Read – view the files and subfolders within the folder.
- Write – add, edit, or delete the files and subfolders inside the folder
- Execute – process/execute the resources using a script or commands to change their value.
Setting File Permission using FTP Tool like FileZilla
Setting File Permission using File Manager in cPanel
Folder permissions can also be changed using SSH under chmod commands.
2. No Index File or Empty Folder
Another possible reason causing this 403 error can be an empty HTTP directory or in other words, no website or web application files are uploaded to the server directory.
For example, The default landing page for a website or web application is index.html or index.php. If none of the 2 files exist on the server it will return a 403 Forbidden error.
Also, If you have defined some other file in Nginx config or .htaccess as the home page, and that file is not uploaded in the directory the error will trigger.
Generally, these two reasons are found to be common for displaying 403 Errors. But other specific reasons and level of resource access forbidding can be determined by identifying the sub-status code, which is as follows (though they are not standard codes):
- 403.1 – Execute access forbidden.
- 403.2 – Read access is forbidden.
- 403.3 – Write access forbidden.
- 403.4 – SSL required
- 403.5 – SSL 128 required.
- 403.6 – IP address rejected.
- 403.7 – Client certificate required.
- 403.8 – Site access denied.
- 403.9 – Too many users.
- 403.10 – Invalid configuration.
- 403.11 – Password change.
- 403.12 – Mapper denied access.
- 403.13 – Client certificate revoked.
- 403.14 – Directory listing denied.
- 403.15 – Client Access Licenses exceeded.
- 403.16 – Client certificate is untrusted or invalid.
- 403.17 – The client certificate has expired or is not yet valid.
- 403.18 – Cannot execute request from that application pool.
- 403.19 – Cannot execute CGIs for the client in this application pool.
- 403.20 – Passport logon failed.
- 403.21 – Source access denied.
- 403.22 – Infinite depth is denied.
- 403.502 – Too many requests from the same client IP; Dynamic IP Restriction limit reached.
- 403.503 – Rejected due to IP address restriction
Based on sub-status error codes, you can easily identify the exact cause of the issue and effectively troubleshoot it.
If you are a WordPress user, the error 403 can be temporarily triggered due to the following conditions :
- Access denied to WordPress Dashboard. In that case, you have to check the settings for the wp-admin directory.
- Access may be denied during WordPress installation
- Access may be denied during theme or plugin updates
3. Misconfigured Server Settings
If the web server files are misconfigured or have some issues, it can trigger an Error 403.
For example, if your website is on the Nginx Web server and the Nginx configuration files are not properly configured it will trigger a 403 Forbidden Nginx Error.
The issue could arise if the configuration files are missing, incomplete, or incorrect settings. Such as if you have poorly configured your security settings it can prevent your access to certain resources.
This particular scenario often happens when you have recently made some changes to your Nginx configuration file or you have recently migrated to a new server.
4. Incorrect URL or Directory Structure
If you are trying to access a resource whose URL path is incorrect, doesn’t exist, or has been moved to a different location, the 403 error will trigger.
Even if you have misconfigured the server, it can cause it to look resources in the wrong location and hence the error happens.
5. Server and Firewall issues
The last reason that can cause a 403 error, can be an issue with your server or Firewalls. For example, the server could be experiencing a spike in high traffic and aggressive firewall settings that could be blocking access to certain resources. If this is the case, it’s important to check your server logs and find out the root cause of the issue.