HTTP error 403 - Forbidden

The HTTP error 403 - Forbidden typically indicates that the server has understood the request, but it refuses to fulfill it due to restricted access to the requested file or folder. This denial of access can occur intentionally, where the site owner has limited permissions, or it may be a result of misconfiguration. The server acknowledges the request, but it explicitly denies access to the resource, preventing the user from viewing or interacting with it.


How to Fix a 403 Forbidden Error

For end-users

The vast majority of the time, there's not much you can do to fix things on your end. Still, there are some things you can try.

  1. Refresh the Page
  2. Double Check the Address
  3. Clear Browser Cookies and Cache
  4. Check firewall settings
  5. Deactivate browser extensions
  6. Try Again Later
  7. Contact website administrators

For site administrators

There are three common causes for this error

  1. An empty website directory
  2. No index page
  3. Permission and Ownership error

An empty website directory

Make sure that your website content has been uploaded to the correct directory on your server.

Plesk server

When creating a website using Plesk, the platform not only sets up a new virtual host on the web server but also generates the necessary directory structure for the site. Additionally, Plesk populates these directories with specific initial content, ensuring that the website has the required files and data to function properly. This streamlined process simplifies website creation and setup for users, providing them with a functional site from the start.These directories are located in the corresponding virtual host directories :

On Linux: /var/www/vhosts/ 
On Windows: C:\inetpub\vhosts\ 

By default it creates the directories below:

/var/www/vhosts/example.com/httpdocs/

- domain's root directory (may be changed in the Domains > example.com > Hosting Settings);

When you connect with your FTP user, you just need to navigate into the httpdocs directory. Moreover, be sure to replace example.com with your actual domain name.

cPanel server:

In Plesk, the /home/example/public_html/ folder serves as the web root for your primary domain name. This means that any files placed in the public_html folder will be accessible and displayed when someone enters your main domain name into their web browser. Essentially, the content within the public_html directory is what visitors will see when they access your website.

When you connect with your FTP user, you just need to navigate into the public_html directory. Be sure to replace example with the name of your cPanel account username.

IIS:

Microsoft turn off the most basic features by default. Go to Turn Windows features on or off.

public_html directory
Internet Information Services

No index page

The default document on a web server is the initial file that is sent to visitors when they access your website. Typically, the default document is set to index.html or index.php, but it can be customized to any desired file. This ensures that when someone visits your site, the specified default document is displayed as the starting point of the website.

Index files option is set to Default at:

Linux: Domains > example.com > Apache & Nginx Settings
Windows: Domains > example.com > IIS Settings

To resolve this 403 Forbidden error, upload an index page to your httpdocs or public_html directory.

If you already have a home page called something else - example.html , you have a couple of options to change it:

  1. Rename your home page to index.html or index.php.
  2. Set up a redirect on the index page to your real home page.
  3. Set a different default home page in your .htaccess file.

HTTP Error 403.14 - Forbidden in IIS

The Web server is configured to not list the contents of this directory.

In IIS, a default document is not configured for the requested URL, and directory browsing is not enabled on the server.

How to enable directory browsing?
  1. Go to the IIS Express install directory.

  2. Run appcmd set config /section:system.webServer/directoryBrowse /enabled:true to enable directory browsing at the server level.

  3. Run appcmd set config ["SITE_NAME"] /section:system.webServer/directoryBrowse /enabled:true to enable directory browsing at the site level.

Moreover, verify that the configuration/system.webServer/directoryBrowse@enabled attribute is set to true in the site or application configuration file

Permissions and ownership errors

HTTP Error 403.14 – Forbidden error can also be caused by incorrect ownership or permissions on your website content files and folders.

Permissions

  1. for directories
find /desired_location -type d -print0  xargs -0 chmod 0755
  1. for files
find /desired_location -type f -print0  xargs -0 chmod 0644

Additionally, if you know PHP runs as the user and not as "apache", then you can set PHP files to 600, for an extra level of security, eg:

find . -type f -name '*.php' -exec chmod 600 {} \;

Ownership

The concept of owner and groups for files is fundamental to Linux. Every file is associated with an owner and a group. You can use chown and chgrp commands to change the owner or the group of a particular file or directory.

Every Linux system have three types of owner:

  1. User: A user is the one who created the file. By default, whosoever, creates the file becomes the owner of the file. A user can create, delete, or modify the file.

  2. Group: A group can contain multiple users. All the users belonging to a group have same access permission for a file.

  3. Other: Any one who has access to the file other than user and group comes in the category of other. Other has neither created the file nor is a group member.

Users and groups can be locally managed in /etc/psswd or /etc/group .

Plesk server: domain - example.com, domainuser - FTP user
/var/www/vhosts/example.com/ - root:root
/var/www/vhosts/example.com/httpdocs/ - domainuser:psaserv
/var/www/vhosts/example.com/httpdocs/index.html - domainuser:psacln
cPanel server: account user - example
/home - root:root
/home/example - example:example
/home/example/public_html - example:example

The chown command is used to change file ownership settings. The basic syntax is:

chown owner-user file
chown owner-user:owner-group file
chown owner-user:owner-group directory
chown options owner-user:owner-group file

Nginx 403 forbidden error


Nginx 403 forbidden for all files, Nginx 403 error: directory index of [folder] is forbidden

The Nginx 403 Forbidden error is a status code that occurs when a client attempts to access a part of the web server without sufficient permissions. When Nginx accesses a directory, it typically tries to index it and provide a list of files inside to the browser/client. However, directory indexing is usually disabled by default, leading to the error message "Nginx 403 error: directory index of [folder] is forbidden." This error indicates that the client does not have the required permissions to access the directory or view its contents.

Incorrect Index File

The try_files directive in Nginx attempts to serve files in the order they are specified and sets the internal file pointer accordingly. If you are experiencing issues with directory indexing being turned off and encountering the Nginx 403 Forbidden error, it is likely due to the presence of a directory option in the try_files directive. This can prevent proper file serving and lead to the forbidden error when accessing directories without sufficient permissions.

location / { try_files $uri $uri/ /index.html index.php; }

to

location / { try_files $uri /index.html index.php; }

Incorrectly set permissions

To resolve the Nginx 403 Forbidden error that may arise from incorrectly set permissions, you can follow these steps:

  1. Change the directory permissions to 755 and the file permissions to 644. This can be done using the "chmod" command in the terminal or command prompt.
  2. Ensure that the user running the Nginx process has ownership of the files and directories. For example, you can set the user to "www-data" using the "chown" command.

By setting the correct permissions and ownership, you should be able to resolve the 403 Forbidden error and allow Nginx to serve the files and directories properly.

sudo chown -R www-data:www-data *

Finally, set the directory and file permissions as:

sudo chmod 755 {dir} sudo chmod 644 {files}

Conclusion

HTTP error 403 - Forbidden indicates that the server understood the request, but it refuses to fulfill it due to insufficient permissions. The client attempting to access a specific part of the webserver is denied access, either intentionally or due to misconfigured permissions.