Search Our Database
How to fix 403 forbidden website error
Introduction
When visiting your website’s homepage, encountering a 403 Forbidden error can be confusing — especially if your server is running, and your domain is pointing correctly. This article explains the common causes behind a 403 error. It also outlines essential steps to diagnose and resolve the issue, focusing on server security practices and configuration checks.
Prerequisites
- Access to your server’s file system (via DirectAdmin, cPanel or SSH)
- Know how to navigate through file system and know the location of the website document root
- Privilege to add and edit file and able to change directory/file permission
Checklist #1: Is there a default file?
Most web servers (such as Apache or Nginx) are configured to look for a default file like index.php or index.html when someone visits the root of a website. If none of these index files exist, the server has two options:
- Show a directory listing (list of files and folders)
- Return a 403 Forbidden error if directory listing is disabled
For security reasons, auto-indexing is highly recommended to be turned off to avoid from your web directory structure to be exposed. This means the server is intentionally configured not to display the contents of any folder if there is no index file.
To fix the 403 Forbidden error, ensure that there is a default file in your document root so that whenever someone visits the root of your website, they will be directed to the default file.
Checklist #2: What is the permission of the document root?
Another common cause of the 403 Forbidden error is incorrect file or directory permissions.
By default, the document root (e.g., /var/www/html or /home/[username]/public_html) should have permissions set to:
drwxr-xr-x (755)
And the default file (e.g., index.php or index.html) should have permissions set to:
drw-r--r-- (644)
If the permissions are more restrictive (e.g., 700 or 750), the web server may not have access to read the folder, resulting in a 403 Forbidden error even if files are present.
Checklist #3: Review .htaccess
Your server configuration may explicitly block access to certain IP addresses. Here are some examples that might cause 403 Forbidden error at user’s end
- Example 1 : IP 123.123.123.123123.123.123.123 is blocked. If a user tries access the website with this IP address, they will get 403 Forbidden error
<RequireAll> Require all granted Require not ip 123.123.123.123 </RequireAll>
- Example 2 : Only IP 123.123.123.123 is able to access the website. If a user tries to access with another IP, they will get 403 Forbidden error
Require ip 123.123.123.123
- Example 3 : Permission to specific file is denied. This is to ensure any confidential information is not accessible to public
<Files "config.php"> Require all denied </Files>
Ensure that you know what you are doing before doing any modification to .htaccess.
Conclusion
The 403 Forbidden error is a common and often intentional response from the server to protect your website or data. It can occur when directory listing is disabled and no index file is present, when folder or file permissions restrict access, or when IP or resource-based restrictions are enforced. Understanding each of these causes allows you to pinpoint the root of the problem and apply the right fix. By reviewing configuration files, access control rules, and permissions carefully, you can restore proper access while maintaining strong security for your website.
Should you have any technical inquiries, feel free to contact us at support@ipserverone.com