Web Development

What is 403 forbidden error

By Bastien, on November 26, 2024 - 9 min read

Have you just come across a page announcing the message “403 Forbidden” or “403: Access denied” or “403 Forbidden – NGINX”? Let’s explain it all.

error 403 forbidden

What does a 403 error mean?

403 error = server understood your request but refuses to execute it.

The HTTP 403 error is a code returned by the server to the client (your browser) when you request a page, a resource, … When all goes well, the system returns code 200.

When the requested page displays the message “Error 403 Forbidden” or one of its variants, the server signals that it has understood the request but does not wish to respond. That is, it will not return the requested web page, file or resource.

In contrast to the error 404 and or the error 410 which correspond to a problem on the server or the API, the 403 error is not really an error but information: content to such and such a page or resource is denied.

Also read : How to Change the Windstream Wi-Fi Password?

Why is access to content denied?

Access rights do not allow access to the resource.

Protected content

A 403 error can be quite legitimate, for example if I am trying to access a directory / folder containing sensitive files that are blocked from access on the server. This is what happens if you are looking to reach the /wp-includes directory on a WordPress site.

In this case, there is nothing to do. It is normal that this content is not directly accessible on the Internet.

Inappropriate configuration

You may have an issue on your web browser. Here are some things to look at:

  • Your web browser’s cache
  • Pause your adblocker or allow the requested site on that tool
  • Pause your antivirus: if the site is blacklisted in the antivirus, it will be blocked and you may get a 403 error when visiting it

Your IP address is blocked

Your IP may have been blocked by the server. This can be due to several reasons, including: too many requests. If your IP has sent hundreds of requests in a short time, the domain server will block it out of protection hacking attempts.

Some tools used to attempt to penetrate a website use an IP that is already blacklisted. In this case, you must contact the webmaster or hosting provider to request access to the domain.

Mis-settings

The 403 error corresponds to an access rights issue, which may or may not be legitimate.

In the case where the requested resource should not be blocked, we need to go and modify the rights on the server:

  • The read/write/modify right, which corresponds to 3 digits, each digit corresponding to a set of rights for a set of users.
    For example, WordPress, the most used CMS in the world, and therefore the one that suffers the most malicious attacks, says that the access rights to be set are 644 for files and 755 for directories.
  • The setting of the .htaccess file if you’re on an Apache server (NGINX servers don’t have an .htaccess file). You need to have rights at level 755 on this file to avoid errors.
  • If you are on WordPress, it may be from one of the many plugins you use. If the error persists after all previous fixes, try disabling your WordPress’ plugins.

Depending on your hosting, you will have several ways to make the modifications on your website (FTP, SSH, …).

Requirement to be logged in to see the file

In this case, the server does not reply with a 403 error but a 401 error. It knows that it is possible to see the requested resource, but you must be authenticated on the site to do so.

Netflix nsez 403

If you stumble upon a message on Netflix with the “Error NSEZ-403 Something went wrong. Sorry, we’re having trouble with your request. You will find lots to explore on the home page.” message, it generally means you could have connectivity trouble. You can try the following solutions.

For Mac or windows computer

Try to sign in your Netflix account on a different device (your smartphone for example) but using the same network as your computer. For example, if you use the wifi from your home with your computer, use the same wifi to connect with your smartphone.

  • If you don’t success to sign into your Netflix account and you see an error message, try again later.
  • If you don’t see any error message when sign in, you have to contact the Netflix support as there is a problem somewhere.

Other devices (smartphone, tablets, …)

Go to the Netflix website with a computer.

  1. Visit the url using the same network as the one used with your first devices.
  2. Try to sign in on the computer
    1. You see the NSEZ-403 error. You can’t connect into our account. You can try again later.
    2. You don’t see the error, contact the support.

NGINX 403 forbidden

If your server on Nginx, you will certainly have the following message: “403 Forbidden – nginx”. On Nginx, no .htaccess file.

NGINX 403 Forbidden is an HTTP error response message indicating that a client is not allowed to see the requested page. This is most commonly caused by a server-side issue, such as incorrect permissions or an incorrect index file.

Incorrect Index File

The most common cause of an NGINX 403 Forbidden error on a website is an incorrect index file. When a user visits a URL of the website, the system looks for a file named “index.html” in the requested directory or folder. If no such file is found, the server will return a 403 Forbidden error status.

To fix this issue, ensure that an appropriate index file exists in the requested directory / folder.

Incorrectly Set Permissions

Another common cause of an NGINX 403 Forbidden error is incorrectly set permissions. All directories within the web server’s directory should have the correct permissions set.

The user running the web server must have read and execute permissions. If these permissions are not set correctly, the system will return a 403 Forbidden error. To fix this issue, ensure that the permissions are set correctly for the user running the web server.

Client-Side Cause of Error 403

Finally, it is possible that the client-side is causing the 403 Forbidden error. A few possible causes of this issue include:

  • A security plugin
  • An outdated browser
  • Or an issue with the cache

To fix this issue, try disabling any security plugins, clearing the browser’s cache, or updating it to the latest version.

As you can see a 403 Forbidden error status code can have several causes… Fortunately, it’s possible to fix it.

How to fix a 403 Forbidden error?

A 403 Forbidden error can be really annoying. Here are some easy steps that could help you solve the problem:

  1. Do the basic checks (authentication, API…)
  2. Disable your website plugins
  3. Upload an html or php index page (homepage)
  4. Check .htaccess file
  5. Check the A record
  6. Temporarily disable the firewall
  7. Clear your browser history
  8. Contact the website owner

Do the basic checks

Before trying to fix anything you can do some basic checks:

  • Verify the URL: Make sure that the address you are trying to access is correct and up-to-date.
  • Authentication: If the resource requires authentication, ensure that you are providing the correct credentials.
  • Permission: The server or API may reply with a 403 error if the user don’t have the permission to read and access the requested resource. Contact the website owner or system administrator to request access.

Disable your website plugins

If you are using WordPress, the first thing you need to do is to disable all plugins. Sometimes a plugin can cause an error in the 403 Forbidden page. To disable your plugins, go to the Dashboard and select Plugins. Then click on the Deactivate link under each plugin name.

desactivate plugin

Upload an HTML or a PHP index page (homepage)

If the 403 Forbidden error is showing up because of a missing index page, you can easily fix the problem by checking that your homepage is named index or creating an index page.

Use any HTML editor such as Notepad++ to create an index.html or index.php page with some basic HTML text and then upload it to your website’s root directory. 

Check .htaccess File

If you are using an Apache web server or API, verify the .htaccess file for any rules that may be blocking access to the resource. You may need to remove or modify these rules.

To verify the .htaccess file, you need to go to the root directory of your website on the web server. This can be done by following these simple steps:

  1. Connect to your web server: The best way to connect to your web server is by using an FTP client such as FileZilla, or through the cPanel File Manager, or using the command line if you have shell access.
  2. Locate the root directory: The root directory is the top-level folder that contains all the files and subdirectories of your website. In the FTP or the cPanel File Manager, navigate to the root directory. If you are using the command line, you can navigate to the root directory using the “cd” command.
  3. Find the .htaccess file: The .htaccess file is a hidden file, so you may need to configure your FTP or File Manager to show hidden files. In FileZilla, you can do this by going to the “Server” menu and selecting “Force showing hidden files.” In cPanel, you can press the “Settings” button in the File Manager and select “Show Hidden Files.”
  4. Open the .htaccess file: Once you have found the .htaccess file, you can open it using a text editor, such as Notepad or Sublime Text.
  5. View the contents: The .htaccess file should contain one or more directives, such as Rewrite Rules or authentication settings, that control how the server handles requests to your website. Review the contents of the file to see if there are any issues or errors that could be causing the 403 Forbidden error.

Check the A DNS Record

The A record is the most basic type of DNS record and is used to point a domain name to an IP address. If the A record is not pointing to the correct IP address, then you will get a 403 Forbidden error. To check the A Record, you need to use a DNS lookup tool such as MXToolbox. 

Temporarily disable the Firewall

The firewall settings on your computer or network could be blocking access to the resource. Temporarily disable the firewall to see if it is the source of the problem.

Clear the browser history

Another way to fix a 403 Forbidden error is to clear the cookies and history. This can be done a follow:

  1. Google Chrome:
    • Click the three dots in the upper-right corner of the screen.
    • Select “More tools” and then “Clear browsing data”
    • In the “Time range” section, select “All time”
    • Check the boxes for “Cookies and other site data” and “Cached images and files”
    • Click the “Clear” button
  2. Mozilla Firefox:
    • Click the three horizontal lines in the upper-right corner of the screen
    • Select “Options”
    • Click the “Privacy & Security” panel on the left side
    • Scroll down to the “Cookies” section
    • Click the “Manage Data” button
    • Select the files you want to remove, and then click the “Remove Selected” button

After clearing the history, restart your browser and try accessing the resource again. If the 403 Forbidden error persists, you can contact the website owner.

Contact the website owner

If you are still unable to see the resource after following all the precedent steps. The best way to solve it is to contact the website owner or the hosting provider and ask for help.

Advanced Troubleshooting: Fixing 403 Forbidden Errors in Specific Environments

1. For Apache Servers

Common Cause: .htaccess misconfigurations are a frequent source of 403 errors in Apache.

Solution:

  • Check .htaccess Syntax:
    Order Deny,Allow
    Deny from all
            

    Update to:

    Require all granted
            
  • Directory Indexing: Apache may block access to directories without an index.html or index.php file. Add this to your .htaccess file:
    Options +Indexes
  • Permission Settings: Verify folder permissions are set to 755 and files to 644. Use these commands:
    chmod -R 755 /path/to/directory
    chmod -R 644 /path/to/files
            
  • Error Logs: Check Apache logs for details:
    tail -f /var/log/apache2/error.log

2. For NGINX Servers

Common Cause: Directory listing disabled or restrictive server blocks in configuration files.

Solution:

  • Enable Directory Listing: Edit the NGINX configuration file to allow directory access:
    location / {
        autoindex on;
    }
            
  • Correct Permission Errors:
    chmod -R 755 /path/to/directory
    chmod -R 644 /path/to/files
            
  • Check Server Blocks: Ensure the correct root directory is specified:
    server {
        root /var/www/html;
        index index.html index.htm;
    }
            
  • Logs: Review NGINX logs for insights:
    tail -f /var/log/nginx/error.log

3. For IIS Servers

Common Cause: Misconfigured request filtering or authentication settings.

Solution:

  • Enable Directory Browsing:
    1. Open IIS Manager.
    2. Select the site and double-click “Directory Browsing.”
    3. Click “Enable.”
  • Adjust Authentication: Ensure the right users have access:
    1. Open “Authentication” settings in IIS Manager.
    2. Enable “Anonymous Authentication” or set up user-specific permissions.
  • Permissions: Use IIS Manager to verify that the root folder has proper read permissions for IIS_IUSRS.

Visual Guide to Permissions

Use this table to understand the recommended permission settings for files and directories:

Item Command Permissions
Files chmod 644 filename rw-r--r--
Directories chmod 755 foldername rwxr-xr-x
Sensitive Files (e.g., .htaccess) chmod 600 .htaccess rw-------

SEO Implications of 403 Errors

Why It Matters:

  • Search engines cannot index pages with 403 errors, leading to lower rankings and missed traffic opportunities.
  • Repeated 403 errors may signal search engines that your site has restricted or poor-quality content.

Best Practices:

  • Use tools like Google Search Console to detect and monitor crawl errors.
  • Redirect problematic URLs to working pages using 301 redirects where applicable.

Common Edge Cases and Fixes

  • IP Whitelisting Issues: Check if your IP is blocked. Open the .htaccess file and look for lines like:
    Deny from 192.168.1.1

    Remove or update as needed:

    Allow from all
  • Geolocation Restrictions: Hosting providers may block access from certain countries. Use a VPN to test for regional restrictions.
  • Firewall or Antivirus Blocking: Firewalls may mistakenly block access. Temporarily disable antivirus or firewalls to verify:
    sudo ufw disable

User-Friendly Fixes for Non-Technical Readers

  • Clear Browser Cache and Cookies:
    1. In Chrome, go to Settings > Privacy > Clear Browsing Data.
    2. Select “Cookies and other site data” and “Cached images and files.”
  • Disable Browser Extensions: Open your browser in incognito mode or disable extensions that might block access.
  • Restart Your Router: Unplug the router for 2 minutes, then reconnect to resolve network-level issues.
  • Use a VPN: If the site is blocked for your region, try accessing it through a VPN.

Error Comparison Table: 403 vs. Related HTTP Errors

Error Code Meaning Solution
403 Forbidden Check permissions, configs.
401 Unauthorized Provide valid credentials.
404 Not Found Fix broken links or add resources.
500 Internal Server Error Debug server-side configurations.

Bastien