Reading Time: 4 min read

What is 403 Forbidden Error?

One of the most commonly seen errors while browsing is Error # 403.

It is basically a hypertext transfer protocol response that a user can get due to numerous reasons.

While browsing, if you land into a 403 Error, it is because you are not authorized to access the specified URL.

In this article, we will walk you through its different versions, causes, possible resolutions, and workarounds, if any.

Variants of 403:

There are different scenarios where a user will face one of the multiple versions of the 403 Error.

The most common Error 403 variants are:

  • 403 Error
  • 403 Forbidden
  • 403 Forbidden Error
  • 403 Forbidden Nginx
  • 403 Forbidden: Access Denied
  • Error 403 Forbidden
  • Forbidden
  • HTTP 403 Forbidden
  • Nginx 403 Forbidden

How does the HTTP Error 403 work?

A user will see one of the Error 403 while communicating with a server via HTTP mainly due to an authentication or access error.

When a user tries to browse a webpage, the browser sends out the request using HTTP.

In response, the server examines the request and if everything is correct, the server responds with a 2xx category success code before loading the page.

This happens so rapidly that the users cannot see it on their screen.

However, if the server finds some issues in the request for what so ever reason, it will display a 4xx category error.

These codes are generated automatically as per the predefined scenarios and each error code represents a different reason.

These codes help the developers and some sophisticated users to understand the reason.

The most common 4xx category errors are 403 and 404.

Error 404 means that the files or resources the user is requesting cannot be found at the mentioned URL.

Whereas, 403 means that the desired URL is valid, but the user’s request could not be fulfilled.

The actual reason for the HTTP error 403 varies from case to case. For example, for some of the websites, searching within certain directories is actively forbidden by the 403 status.

Like, disabling direct access to the multimedia content on the server.

Possible reasons for 403 Error and its solution:

As we briefly explained the 403 Error above, we will now explain how a user could land into a 403 Error due to any of the following reasons.

Reason-1 Hotlink protection:

What is hotlinking? Hotlinking is stealing someone’s bandwidth by linking to their website’s assets like images and videos etc.

To explain it further, suppose the owner of website 1 is hosting some high-resolution images or videos on their server.

The owner of website 2 is quite impressed by the quality of the content and decides to use them in his website too.

Now, instead of hosting these images directly on his own server, he links them from the website 1’s server.

Technically this will work absolutely fine and while browsing the website 2, a user will not be able to tell right away if the site is using hotlinking.

Doing this saves a lot of resources for Website 2 but it is stealing the resources of Website 1 and may degrade the quality of service for website 1’s server.

To avoid such situations, owner of website 1 can Implement zone referrers.

This will restrict hotlinking and will return a 403 error in case of hotlinking.

As this is a server to server restriction, the end user cannot do much in this case, however, the owners can resolve the issue by hosting the content on their own server.

Please note that it is unethical to use 3rd party resources without their permission.

Solution:

To set up Hotlink protection in cPanel, head to Security < Hotlink Protection: Security

From here, you can enable or disable the hotlink protection:

Enable-Disable

Now, if you are the owner for both website1 and website2, you can disable the hotlink protection for own site so that you can link the content to and from your website.

The following screenshot will elaborate it for you:

Configure

Reason-2 Bad Permissions:

Another most common reason for 403 forbidden errors is inappropriately setting up the file permissions.

To resolve such issues, the owner must set up the permissions as under:

  • Dynamic Content: 700
  • Folders: 755
  • Static Content: 644

Solution:

To setup the permission, follow the steps:

1. Log into your cPanel using the specified URL and assigned login credentials
2. Click on the File Manager icon in the Files field

permissons

3. On the left of the window that opens, you will see permissions of all files and folders
4. Ensure that the permissions of the public_html folder are 750 as shown below:

change-permissions

If it is 750, move to the next troubleshoot else follow the steps:

a. Choose the public_html folder > click on the Change Permissions icon
b. Set up permissions to 750 > Save.
c. Clear the browser cache
d. Clear your local DNS cache

Reason-3 Hidden Files / Wrong URL

The hidden files are not supposed to be accessed publicly and therefore the server restricts the access for public.

When a user tries to access the hidden files, a 403 forbidden error is thrown.

Likewise, for some servers, if the user enters an invalid URL intentionally or unintentionally, a 403 forbidden error message may occur.

It may vary from server to server and depends on what the user has entered, for example, you may see an error if you enter a folder directory instead of a file path.

Reason-4 IP Rules

As stated earlier, that the error 403 arises mainly due to an authentication error.

The users can see 403 rules due to any IP Deny rules defined in the cPanel.

In that case, verify the rules in cPanel to ensure that you are not blocking your own IP Range.

IP Rules comes very helpful if you need to block access for certain users.

Solution:

To check for the IP rules, follow the steps:

1. Log in to cPanel account using the URL and provided login credentials.
2. Go to the Security section and click the IP Blocker icon.

ip-blocker

3. Enter one or a range of IP addresses you want to deny access.

ip-blocker-add

4. Click the Add button.

Single
IP Address
192.168.0.1
2001:db8::1
Range 192.168.0.1-192.168.0.40
2001:db8::1-2001:db8::3
Implied
Range
192.168.0.1-40
CIDR
Format
192.168.0.1/32
2001:db8::/32
Implies
192.*.*.*
192.*.*.*

Reason-5 Index Manager:

By default, the web server will load the index or home page from the target directory.

If the index file is missing from the folder, the web browser will display the folder content, but this can cause security risk.

The security risk is lowered by not to show the folder content directly and as an alternative, a 403 error is displayed.

Solution:

You can resolve this issue by uploading the appropriate index file to the directory or changing the values of “Index Manager” from cPanel.

indexes

Conclusion

There are a plenty of reasons to cause an HTTP 403 forbidden error but all of them means only one thing and that is Access Denied.

The 403 error can be fixed at the server level by changing the security settings.