What is 403 Forbidden Error and why it occurs ?
The HTTP 403 Forbidden Error means the access to any particular file/folder you are trying to access is being denied due to permission or due to mis-configuration. To check this further you need to check the server logs if you were a system administrator.
Different web browsers will display 403 Forbidden Error in different ways. I am listing few common browser errors.
- ​"403 Forbidden"
- "Forbidden : You don't have permission to access file/folder on this server.
- "HTTP 403"
Few things that could cause 403 Forbidden Error
An user with authentication can only browse the files which were located in his website, where no other user can access it until and unless he is allowed.
By default, accessing website files of an user is forbidden to all users. For example, if any unknown client/users try to access with no privileges, it throws 403 forbidden error.
Permissions of Files or Directory
The 403 Forbidden error means that your file or directory has no enough permissions, then it will give you this error. Let me show you the permissions for directories and files. It is 755 for directories and 644 for files . Executable scripts within the cgi-bin folder must be 755. Images, media, and text files like HTML should be 755 or 644.
If the permissions of directories/files set to 000 then there is a chance of triggering 403 Forbidden error when you access your website.
Some times we get the "403 Forbidden" error, even though the permissions and everything is fine. In this situation we need to check .htaccess file of your website's document root folder.
Allow/Deny Access to Your Website Files using .htaccess
Web pages are nothing but the files which you are hosted in your webserver. There are many possibilites to restrict the users to access the URL'S of your website. You can also restrict the end user from accessing the website and can limit access to few files/folders instead of giving full permissions. There are few options which can be done using .htaccess
- Need to deny from everywhere expect from where you access your website files. It will shoot 403 forbidden error when anyone access the website from other IP's.
- Deny all the IPS with a few exceptions from viewing your website and website files. Here you can allow few IP's and gives permission to access.
- Allow all IPS to view your website and website files. This is the default action for every website.
- Deny all IP's from viewing ".jpeg" files on a website. It disallows .jpeg files to access from elsewhere.
Few websites which were authenticated by default and any end user try to access with no password it will throw 403 Forbidden Error. Basically, these settings can be updated in .htaccess orelse you can set this from your cPanel too.
Lets see the settings. I am giving few options which you can update in your .htaccess file.
Deny access to entire website from all IP's except from one (1.1.1.1)
Allow from 1.1.1.1
Deny from all
Deny access to all .html files from all IPS except 1.1.1.1
<FilesMatch ".html$">
Allow from 1.1.1.1
Deny from all
</FilesMatch>
Deny access to all .html, .htm, .txt, .jpg, .jpeg files from all IPS except 1.1.1.1
<FilesMatch ".(html|htm|txt|jpg|jpeg)$">
Allow from 1.1.1.1
Deny from all
</FilesMatch>
Allow access from everywhere except from one IP
Deny from 1.1.1.1
Note
If you are suppose to change anything in your .htaccess file, be-careful as it might cause 500 Internal server error if you add any line which doesn't require to update. You can always contact our support if you receive any issues with 403 Forbidden Error.