I get a 403 Forbidden error when I try to view my site
This article was posted in: Web Hosting
You may get something like this when you try to view your website or any URL within it.
The Forbidden error is actually a http status code 403. It simply means you don't have permission to access / on this server. The / symbol could be relaced by any URL on your website, depending on where you saw the error.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request - The 404 error is coincidental and occurs because, you have not yet configured a custom error page to handle 404 errors. You can do this in cPanel using the Error Pages icon in the Advanced section of your cPanel account.
Here are the most common causes of 403 errors:
1 - Mod Security has blocked access to the page due to a rule infringement
Mod security is a system that filters all incoming requests to your website. It works in the background, and checks every page request against thousands of rules to filter out requests that look malicious. That is to say, requests that have been crafted to exploit vulnerabilities in website software with the ultimate goal of hacking your website.
Sometimes, due to poorly written code within your website, mod security will incorrectly determine that a request is bogus, when in fact it is quite innocent. When this happens you will get a 403 Forbidden error.
Important : If you repeatedly try to reload the same problematic URL again and again, then your IP address will soon become locked out of the server for a period of 20 minutes or so.
If you can rule out reasons (2) and (3) below, then please raise a support request, giving us:
- The time you experienced the error
- The URL you were accessing at the time
- Your public IP address (available from http://viewmyip.co.uk)
2 - Missing index file in the URL you have browsed
If you are trying to browse to your website and you get this error, then you have probably not uploaded a suitable index file into your public_html/ directory. Read our article Where do I upload my website files?
Your website is served from the public_html/ directory, which is a subdirectory in your home directory.
You have either uploaded files directly into the home directory (the one ABOVE public_html) by mistake, or you have simply not uploaded a suitable index file (a home page) into public_html/ or the subdirectory of public_html/ from which you are trying to serve your page.
We don't enable directory browsing by default for security reasons. In order for our web server to automatically serve a webpage when you browse to a directory (including your root / ), the default index file must be named as one of the following:
index.htm, index.html, index.shtml, index.xhtml, index.wml, index.perl, index.pl, index.plx, index.ppl, index.cgi, index.jsp, index.js, index.jp, index.php4, index.php3, index.php, index.phtml, default.htm, default.html, home.htm, index.php5, Default.html, Default.htm, home.html
3 - Incorrect file permissions
In order for the world to be able to browse your website, you have to give it permission! This is usually all handled automatically when you upload files. However, if you have been working with permissions, then it's possible you made a mistake. Please read the article What file and directory permissions should I use for my web files?