What is 403 Forbidden Error?
One of the most commonly seen errors while browsing is 403 Forbidden Error.
It is basically a hypertext transfer protocol response that a user can get due to numerous reasons.
While browsing, if you land into a 403 Error, it is because you are not authorized to access the specified URL.
In this article, we will walk you through its different versions, causes, possible resolutions, and workarounds, if any.
What are the variants of HTTP 403 error?
The most common Error 403 variants are:
- 403 Error
- 403 Forbidden
- 403 Forbidden Error
- 403 Forbidden Nginx
- 403 Forbidden: Access Denied
- Error 403 Forbidden
- Forbidden
- HTTP 403 Forbidden
- Nginx 403 Forbidden
How does the HTTP Error 403 work?
A user will see one of the Error 403 while communicating with a server via HTTP mainly due to an authentication or access error.
When a user tries to browse a webpage, the browser sends out the request using HTTP.
In response, the server examines the request and if everything is correct, the server responds with a 2xx category success code before loading the page.
This happens so rapidly that the users cannot see it on their screen.
However, if the server finds some issues in the request for what so ever reason, it will display a 4xx category error.
These codes are generated automatically as per the predefined scenarios and each error code represents a different reason.
These codes help the developers and some sophisticated users to understand the reason.
The most common 4xx category errors are 403 and 404.
Error 404 means that the files or resources the user is requesting cannot be found at the mentioned URL.
Whereas 403 means that the desired URL is valid, but the user’s request could not be fulfilled.
The actual reason for the HTTP error 403 varies from case to case. For example, for some of the websites, searching within certain directories is actively forbidden by the 403 status.
Like, disabling direct access to the multimedia content on the server.
What are the common reasons for 403 error?
As we briefly explained the 403 Error above, we will now explain how a user could land into a 403 Error due to any of the following reasons.
Reason 1: Hotlink protection
What is hotlinking? Hotlinking is stealing someone’s bandwidth by linking to their website’s assets like images and videos etc.
To explain it further, suppose the owner of website 1 is hosting some high-resolution images or videos on their server.
The owner of website 2 is quite impressed by the quality of the content and decides to use them on his website too.
Now, instead of hosting these images directly on his own server, he links them from website 1’s server.
Technically this will work absolutely fine and while browsing the website 2, a user will not be able to tell right away if the site is using hotlinking.
Doing this saves a lot of resources for Website 2 but it is stealing the resources of Website 1 and may degrade the quality of service for website 1’s server.
To avoid such situations, the owner of website 1 can Implement zone referrers.
This will restrict hotlinking and will return a 403 error in case of hotlinking.
As this is a server to server restriction, the end-user cannot do much in this case, however, the owners can resolve the issue by hosting the content on their own server.
Please note that it is unethical to use 3rd party resources without their permission.
How to fix 403 error by Hotlink Protection?
To set up Hotlink protection in cPanel, head to Security < Hotlink Protection:
From here, you can enable or disable the hotlink protection:
Now, if you are the owner for both website1 and website2, you can disable the hotlink protection for own site so that you can link the content to and from your website.
The following screenshot will elaborate it for you:
Reason 2: Bad Permissions
Another most common reason for 403 forbidden errors is inappropriately setting up the file permissions.
To resolve such issues, the owner must set up the permissions as under:
- Dynamic Content: 700
- Folders: 755
- Static Content: 644
How to fix 403 error due to Bad Permissions?
To setup the permission, follow the steps:
1. Log into your cPanel using the specified URL and assigned login credentials
2. Click on the File Manager icon in the Files field
3. On the left of the window that opens, you will see permissions of all files and folders
4. Ensure that the permissions of the public_html folder are 750 as shown below:
If it is 750, move to the next troubleshoot else follow the steps:
a. Choose the public_html folder > click on the Change Permissions icon
b. Set up permissions to 750 > Save.
c. Clear the browser cache
d. Clear your local DNS cache
Reason 3: Hidden Files / Wrong URL
The hidden files are not supposed to be accessed publicly and therefore the server restricts the access for public.
When a user tries to access the hidden files, a 403 forbidden error is thrown.
Likewise, for some servers, if the user enters an invalid URL intentionally or unintentionally, a 403 forbidden error message may occur.
It may vary from server to server and depends on what the user has entered, for example, you may see an error if you enter a folder directory instead of a file path.
Reason 4: IP Rules
As stated earlier, error 403 arises mainly due to an authentication error.
The users can see 403 rules due to any IP Deny rules defined in the cPanel.
In that case, verify the rules in cPanel to ensure that you are not blocking your own IP Range.
IP Rules comes very helpfully if you need to block access for certain users.
How to fix 403 error due to IP Rules?
To check for the IP rules, follow the steps:
1. Log in to cPanel account using the URL and provided login credentials.
2. Go to the Security section and click the IP Blocker icon.
3. Enter one or a range of IP addresses you want to deny access.
4. Click the Add button.
Name | Value |
---|---|
Single IP Address | 192.168.0.1 |
2001:db8::1 | |
Range | 192.168.0.1 – 192.168.0.40 |
2001:db8::1 – 2001:db8::3 | |
Implied Range | 192.168.0.1 – 40 |
CIDR Format | 192.168.0.1/32 |
2001:db8::/32 | |
Implies 192.*.*.* | 192.*.*.* |
Reason 5: Index Manager
By default, the web server will load the index or home page from the target directory.
If the index file is missing from the folder, the web browser will display the folder content, but this can cause a security risk.
The security risk is lowered by not to show the folder content directly and as an alternative, a 403 error is displayed.
Solution:
You can resolve this issue by uploading the appropriate index file to the directory or changing the values of “Index Manager” from cPanel.
Conclusion
There are a plenty of reasons to cause an HTTP 403 forbidden error but all of them means only one thing and that is Access Denied.
The 403 error can be fixed at the server level by changing the security settings.