Skip to main content
HashnodeTheTechDeck | Tech Made Simple for EveryoneTheTechDeck | Tech Made Simple for Everyone

Command Palette

Search for a command to run...

Troubleshooting 403 Forbidden Error on Server

Updated
4 min read
Troubleshooting 403 Forbidden Error on Server
P
Pratik M

As an experienced Linux user and no-code app developer, I enjoy using the latest tools to create efficient and innovative small apps. Although coding is my hobby, I still love using AI tools and no-code platforms.

Part of seriesCyberSecurity

Encountering a "403 Forbidden" or "Access Denied" error when trying to access a website is frustrating. This client-side error typically occurs due to incorrect file permissions on the web server hosting the site.

The full error message usually says something like:

403 Forbidden
You don't have permission to access /index.html on this server.

Or

Access Denied
You don't have permission to access this resource on this server.

This implies the requested file or resource exists on the server but the permissions are restricting public access.

In this guide, we'll explore common reasons for 403 forbidden errors on Apache and Nginx servers and how to fix them.

What Causes 403 Forbidden Errors?

Some common causes for 403 errors are:

  • Incorrect file or folder permissions and ownership

  • Misconfigured Apache/Nginx directory access rules

  • Outdated or corrupted .htaccess files

  • Web server configuration changes in Apache 2.4+

  • Blocking by security extensions like ModSecurity

  • VPN or proxy server configurations

Out of these, issues with filesystem permissions and web server directives are the most prevalent.

When your web server is unable to read files due to restrictive permissions, it rightly denies access to them - resulting in a 403 error visible to users.

Fixing 403 Errors Step-by-Step

Follow these troubleshooting steps to resolve 403 errors:

1. Check File and Folder Permissions

First, verify the permissions on key folders like /var/www or /srv/www depending on your setup.

Run:

ls -ld /var/www

It should show 755 permissions for directories and 644 for files. If not, run:

sudo chmod -R 755 /var/www 
sudo chmod -R 644 /var/www/*

This recursively fixes folder and file permissions under /var/www.

2. Verify Apache/Nginx Directory Access

Apache and Nginx have directives to control which directories can be accessed.

For Apache 2.4+ servers, the /etc/apache2/apache2.conf file should include:

<Directory />
  Require all denied
</Directory>

<Directory /var/www/>
  Require all granted 
</Directory>

This denies access to web root and allows access to /var/www contents.

For Nginx, the /etc/nginx/nginx.conf file needs:

location / {
  deny all; 
}

location /var/www/ {
   allow all;
}

Similarly, allow access to your content directory.

3. Recreate .htaccess File

Corrupted .htaccess files can also lead to 403 errors. Rebuild it by going to WordPress Settings > Permalinks > Save Changes. Or upload a clean .htaccess file again from known good backup.

4. Check Server Logs

Review the Apache/Nginx error logs for more clues. For Apache, use:

sudo less /var/log/apache2/error.log

For Nginx:

sudo less /var/log/nginx/error.log

Look for hints on source of 403 errors.

5. Restart Web Server

After making changes to fix permissions or configuration errors, restart your web server.

For Apache in Ubuntu/Debian:

sudo systemctl restart apache2

For Nginx in Ubuntu/Debian:

sudo systemctl restart nginx

Now access your site again. The 403 errors should be resolved.

Best Practices to Avoid 403 Errors

Follow these tips to avoid 403 errors in the future:

  • Set up correct file and folder ownership and permissions from the start

  • Limit access with .htaccess files instead of server directives

  • Make configuration changes safely, one at a time

  • Take regular backups of .htaccess files and website

  • Monitor server and access logs to catch issues early

  • Use a CLI tool like phan to audit and validate configs

  • Enable ModSecurity selectively to prevent security issues

Consider Failover Protected Cloud Servers

The failover protection is like a backup plan that kicks in if something goes wrong with the main cloud environment. It is worth considering Failover Protected Cloud Servers, for example, those offered by HostColor.

They ensure that the hosted websites, applications, and workflows will have either a zero or a minimal interruption of services in case of a downtime of the primary physical infrastructure, where the main cloud server environment resides.

With proper troubleshooting, you can quickly resolve 403 permission and access errors on your Apache or Nginx servers. This will ensure smooth and uninterrupted access for your users.

Conclusion

The 403 Forbidden error is one of the most common errors people face while accessing websites. In most cases, incorrect file permissions are the culprit. ButDirective issues can also cause similar "access denied" errors.

Follow the step-by-step guide outlined in this article to troubleshoot and fix 403 errors on your Apache or Nginx server. Setting up the right permissions and validating your configurations is key to keeping your website running smoothly.

#linux#troubleshooting#web-server#linux-for-beginners#403-forbidden

Comments

Join the discussion

No comments yet. Be the first to comment.

CyberSecurity

Part 1 of 50

Stay safe online with essential tips and insights into cybersecurity

More from this blog

T

TheTechDeck | Tech Made Simple for Everyone

772 posts

Explore the best tech tips and tricks for Windows, Mac, Linux, Android, and gaming. Simplify tech with TechUvy's expert guides