HTTP Error – 403 Forbidden

Description

A 403 – Forbidden error means the server no longer grants you permission to view at the files being served for the website. This is usually caused by the webserver blocking the files or an endpoint is being protected by an authentication annotation or authentication middleware.

403 forbidden http error

Troubleshooting to Fix

  • Check the folders’ and files’ permissions. Sometimes after uploading files via ftp or upgrading certain scripts the permissions on the files get changed. Linux permissions should generally be set to either 644 or 755 depending on what the script requires. E.G. If a file permissions is 444, 111, etc – the server will not be able to read and execute the script properly.
    NOTE: if you cannot seem to change the permissions of a file, check the folder’s permissions above it and make sure the permissions are set properly
  • Check the .htaccess file for probable causes. There are a variety of possible causes for a 403 – Forbidden error that can occur in the .htaccess.
    1. The .htaccess might be blocking all IP addresses except a few. The code for that would look something like the following:

      [bash]
      order allow,deny
      allow from 173.254.38.123
      deny from all
      [/bash]

    2. The .htaccess may also be missing a line that says DirectoryIndex. This is particularly less common because the DirectoryIndex line is typically not needed in the .htaccess file.

      [bash]
      DirectoryIndex index.html index.cgi index.php
      [/bash]

    3. Try touching the .htaccess file.

      [bash]
      touch .htaccess
      [/bash]

  • Does the endpoint grant the right permissions. Sometimes the rest service you are requesting will return a 403 http error if the request comes from an unauthorized source. Usually a cookie or some form of an authentication token must be set. If you believe you are authenticated properly then try clearing the cache and cookies. If the problem still occurs when it should not, then check your authentication code. If you’re using angular and express then the middleware that validates your role may have some bad logic. Spring for example uses a PreAuthorize annotation that has logic that determines the user’s ability to access the endpoint.

Leave a Reply

Your email address will not be published. Required fields are marked *