It is quite frustrating to be denied access to the information you need especially on your website. You may have been logging in with no problems, and then one day, you receive the ‘access denied’ notification.
The server informs you that you do not have permission to access your website! An HTTP 403 Forbidden code is sent and you have to figure out how to get around it. What is a 403 error response?
An HTTP 403 code means that the server understood the request but will not process it. If the server wants to make known why a request is forbidden, it can provide the reason in the payload. The server may consider the authentication codes supplied in the request inadequate.
The client should avoid the same request with the same codes. However, the client may create the same request using different or new credentials. A server may still send an HTTP 403 forbidden error code for reasons that have nothing to do with the credentials.
The code references look like this:
Rails HTTP Status Symbol: forbidden
Go HTTP Status Constant http.StatusForbidden
Symfony HTTP Status Constant Response::HTTP_FORBIDDEN
Python2 HTTP Status Constant httplib.FORBIDDEN
Python3+ HTTP Status Constant http.client.FORBIDDEN
Python3.5+ HTTP Status Constant http.HTTPStatus.FORBIDDEN
HTTP status codes are used to provide information about requests made by a client. Apart from the 403 Forbidden error code, there are others such as 100, 200, 300, 400, and more.
A 403 Forbidden error response may look like this:
HTTP 1.1 403 Forbidden
Date: Fri, 30 Nov 2018 09: 19: 02 GMT
Web servers provide requested data in a variety of ways. The data or resources may be presented in URLs that refer to the source. Sometimes, the resources requested may be denied. A 403 Forbidden response is issued in such an instance.
If the access requires further authentication, a 402 response is generated.
So, what does 403 Forbidden mean? As mentioned in the intro, HTTP 403 forbidden error means the server acknowledges the request but refuses to process it. This status is much like the 401 code. The difference is that re-authentication will not produce positive results with the 403 code.
Access is completely banned. The reason provided is insufficient authentication codes. Naturally, this can be perturbing especially if you run the site and have no problem accessing it previously.
HTTP 403 presents a unique error case in the sense that it is returned when the client is denied access to resources it requested. HTTP 401, on the other hand, is returned when the client fails to provide valid authentication. Once that is presented, the client will be allowed access.
The 403 code denies access and the reason given is that the credentials presented are not sufficient.
Substatus Error Codes of IIS
IIS describes nonstandard error codes that furnish the user with a particular reason for the 403 code response. A 403 code refuses re-authentication. The 401 code, on the other hand, insinuates that re-authentication may result in positive results if the credentials provided in the request are valid.
The response given must include a www-Authenticate header field that includes a challenge appropriate to the resource requested. The client may create the same request with a valid Authorization header field.
If the request contained Authorization codes, then the 401 code response may cite the codes as the reason for the response.
The client may request a URL path that corresponds to file system directories when directory listings have been disabled in the server. Also, there may be no directory index that determines a current file to be returned to the browser.
In either instance, the result will most likely be a 403 error code response from an Apache web server. Therefore, when you see a response such as 403 forbidden access is denied, or its variations, you have an inkling why,
Some administrations set up the Mod_proxy to Apache to reject such requests. This also results in a 403 code response. Microsoft IIS responds in a similar fashion when directory listings are rejected in that server.
Microsoft’s IIS returns the following nonstandard codes:
There are several reasons why you may be seeing a 403 Forbidden error message. The most obvious reason is that access to the page you requested has been denied. The server tells you that you do not have permission to access the page you asked for.
Three other common reasons for these particular error codes include the following:
A website Directory is Empty
In this case, check whether your site content is uploaded to the right directory. To access this information, type the following in your search bar:
Plesk server: /var/www/vhosts/example.com/httpdocs/
Once you connect to your FTP user, you can easily navigate browse to the httpdocs directory. Do not forget to include your actual domain name.
cPanel server: /home/example/public_html/
From your FTP user, you can connect to your public_html directory. Remember to erase the example and input the name of your cPanel account username.
Ownership or Permission Error
If the ownership or permissions on your site are incorrect, simply correct them.
Missing Index page
Your site’s home page is named index.html or index.php. If the page is missing, upload an index page to your httpdocs/public_html directory. If your home page goes by a different name, you can:
When the response is you ‘are not allowed to use the server’, a user can be dismayed. Fortunately, it is possible to fix the problem.
First off, how does the 403 Forbidden error appear? Different servers present 403 Forbidden errors in different ways. Some servers customize the site’s HTTP 403 Forbidden error. However, these are few and far between.
Here are a few manifestations of the error message on a variety of servers:
The error code appears inside the browser window and can be viewed in any browser on every operating system.
The Internet Explorer carries ‘The website declined to show this webpage’ option. This is a 403 Forbidden error message. When you open links in Microsoft Office programs, you may get ‘Unable to open URL. Cannot download the information you requested’.
Fixing the 403 Forbidden Error
Here are a few pointers on how to fix a 403 Forbidden error on your server.
Check for URL Errors: Ensure that you have identified a specific web page file name as well as the extension. A directory alone will not do. The number one reason for the 403 error code is directory browsing. Lots of websites are configured to prevent it.
Hence, the error code will pop up when attempting to present a folder instead of a particular page. If you operate the website that refuses to open, enable directory browsing in your web server. This will prevent HTTP status 403 forbidden error responses.
Clean up Your Browser’s cache: If you have cached a version of the page you are looking for, this could be the problem. A cache clean could be the perfect 403 error fix that your server needs.
Try Logging into the Website: If it is possible and appropriate, log into the website. The error code could simply mean that you need further access before you are allowed to view the page. Normally, a 401 error is generated by a website that demands special permission.
Clear Your Browser’s Cookies: This is especially necessary if you log into the website but your last attempt was unsuccessful. However, ensure the cookies are enabled on your browser. The 403 error message is also an alert that cookies may be involved in gaining proper access.
Contact the Website: The 403 Forbidden response may be a mistake. You and others may be seeing it but the site may be unaware that there is a problem. How do you find out if the error is seen by everyone, not just you?
Many websites run support-based accounts on social media platforms. This makes it easy to access them as users can simply click on the link provided. Several sites also provide contact details such as phone numbers and email addresses.
You may come across a thread on Twitter or Facebook discussing a site that has gone down. That is one way to know that a website is not accessible. If your website is popular, you will easily know if others cannot access it as users will be asking why.
Reach Out to Your Internet Provider: If others can easily access your website, the problem may be your internet provider. You may discover that your public IP address or ISP has been blacklisted for some reason. This may explain the 403 forbidden error response.
Revisit the Page Regularly: If you have ascertained that the page you are trying to access is the correct one, leave it for a while. Try to access it later and regularly until the issue is resolved. This is also an excellent option if you have established that the error is seen by everyone.
Other errors that look like the 403 Forbidden response include the following:
These are client-side errors that may be caused by client-related issues. There are code errors that are server-related as well. These include the following:
Ultimately, if you get a 403 Forbidden error response, there are some steps you can take to rectify it and access the information you need. In addition, it is possible to diagnose the problem and find solutions.
If the error code is visible to everyone, you may need to conduct some diagnostics to figure out what is wrong. If it is visible to you alone, then your service provider may provide a solution.