Encountering a "403 Forbidden" or "Access Denied" error when trying to access a website is frustrating. This client-side error typically occurs due to incorrect file permissions on the web server hosting the site.
The full error message usually says something like:
403 Forbidden
You don't have permission to access /index.html on this server.
Or
Access Denied
You don't have permission to access this resource on this server.
This implies the requested file or resource exists on the server but the permissions are restricting public access.
In this guide, we'll explore common reasons for 403 forbidden errors on Apache and Nginx servers and how to fix them.
What Causes 403 Forbidden Errors?
Some common causes for 403 errors are:
Incorrect file or folder permissions and ownership
Misconfigured Apache/Nginx directory access rules
Outdated or corrupted
.htaccessfilesWeb server configuration changes in Apache 2.4+
Blocking by security extensions like ModSecurity
VPN or proxy server configurations
Out of these, issues with filesystem permissions and web server directives are the most prevalent.
When your web server is unable to read files due to restrictive permissions, it rightly denies access to them - resulting in a 403 error visible to users.
Fixing 403 Errors Step-by-Step
Follow these troubleshooting steps to resolve 403 errors:
1. Check File and Folder Permissions
First, verify the permissions on key folders like /var/www or /srv/www depending on your setup.
Run:
ls -ld /var/www
It should show 755 permissions for directories and 644 for files. If not, run:
sudo chmod -R 755 /var/www
sudo chmod -R 644 /var/www/*
This recursively fixes folder and file permissions under /var/www.
2. Verify Apache/Nginx Directory Access
Apache and Nginx have directives to control which directories can be accessed.
For Apache 2.4+ servers, the /etc/apache2/apache2.conf file should include:
<Directory />
Require all denied
</Directory>
<Directory /var/www/>
Require all granted
</Directory>
This denies access to web root and allows access to /var/www contents.
For Nginx, the /etc/nginx/nginx.conf file needs:
location / {
deny all;
}
location /var/www/ {
allow all;
}
Similarly, allow access to your content directory.
3. Recreate .htaccess File
Corrupted .htaccess files can also lead to 403 errors. Rebuild it by going to WordPress Settings > Permalinks > Save Changes. Or upload a clean .htaccess file again from known good backup.
4. Check Server Logs
Review the Apache/Nginx error logs for more clues. For Apache, use:
sudo less /var/log/apache2/error.log
For Nginx:
sudo less /var/log/nginx/error.log
Look for hints on source of 403 errors.
5. Restart Web Server
After making changes to fix permissions or configuration errors, restart your web server.
For Apache in Ubuntu/Debian:
sudo systemctl restart apache2
For Nginx in Ubuntu/Debian:
sudo systemctl restart nginx
Now access your site again. The 403 errors should be resolved.
Best Practices to Avoid 403 Errors
Follow these tips to avoid 403 errors in the future:
Set up correct file and folder ownership and permissions from the start
Limit access with
.htaccessfiles instead of server directivesMake configuration changes safely, one at a time
Take regular backups of
.htaccessfiles and websiteMonitor server and access logs to catch issues early
Use a CLI tool like
phanto audit and validate configsEnable ModSecurity selectively to prevent security issues
With proper troubleshooting, you can quickly resolve 403 permission and access errors on your Apache or Nginx servers. This will ensure smooth and uninterrupted access for your users.
The 403 Forbidden error is one of the most common errors people face while accessing websites. In most cases, incorrect file permissions are the culprit. ButDirective issues can also cause similar "access denied" errors.
Follow the step-by-step guide outlined in this article to troubleshoot and fix 403 errors on your Apache or Nginx server. Setting up the right permissions and validating your configurations is key to keeping your website running smoothly.