When you entered your site, did you find a message with the code "403 Forbidden" and a legend that says something like "you do not have permission to access this server"? No one likes to find a surprise like this, but it is not a reason to stress out more than necessary. Unexpected errors are the daily bread of web page administrators and designers, and this one in particular, has a relatively simple solution.
Before explaining the steps to follow to fix error 403, you must first understand what it is.
This is one of the status codes that make up the HTTP protocol, and its purpose is to inform a user that their request to access a certain site has been denied because the hosting he doesn't accept it. In other words, it indicates that it is prohibited to enter a web page.
The 403 Forbidden error can be the result of several factors. Let's see what they are, and the proposed solution for each one.
HTTP error 403 due to incorrect URL
It is possible that you are trying to access a web page that only the administrator has access to, hence a Forbidden error occurs. Most CMSs impose barriers in order to prevent unauthorized individuals from entering restricted areas and making changes that compromise the integrity of the site.
Therefore, to make changes to your site, it is not enough to enter the page URL in edit mode. If you do not want the 403 error to appear, you must first enter the administration panel of your CMS. To do this, you have to go to the access portal and enter your name and password.
Access denied can also be because you are entering a restricted area of your portal without that being your intention. When you've been managing websites for a while as an administrator or designer, the directories can be so familiar that you can enter the wrong path without thinking about it.
On the other hand, the address bar of many browsers allows you to autocomplete the URL with just a few characters, which increases the possibility of opening an unauthorized web page. In short, one way to avoid it is to look closely at the address of the website you are visiting.
403 Forbidden due to a browser malfunction
The way browsers collect information about the sites you visit can cause an HTTP error.
The first method consists of saving a type of files called cookies, which are generated by the page itself, and contain the user's activity history during their last visit. They allow you to identify your browsing habits in order to show personalized content or ads on a later occasion.
The second way is through the cache, a space on the hard drive or device memory that temporarily stores part of the content of the websites you recently accessed. Thanks to this, the loading of pages that you visit regularly is accelerated.
Have you made sure you haven't entered the wrong URL, and yet the HTTP 403 problem persists? The access error could be the result of a modification to your site that causes a conflict between the data stored in the browser and the current portal configuration.
To resolve this error, the next thing you should do is go into your browser settings and clear cookies and cache. In fact, it is advisable to adopt this good practice whenever you make a change to your site.
HTTP 403 because of errors in the firewall
To protect your site from computer attacks, the vast majority of companies that offer hosting services turn to Mod Security. As its name indicates, it is a module focused on the security of your website, an extremely valuable tool.
Among the main functions of this firewall are its ability to monitor traffic in real time, blocking any request that it considers a threat, detect weaknesses in the site's shielding and apply restrictions in areas most vulnerable on the portal. Now, detecting suspicious activity (substantiated or unsubstantiated) can trigger a 403 error.
If you have already verified that the URL entered is correct and you have deleted the cookies and cache of the navigator, but the error persists, the failure could originate in ModSecurity. To rule out this possibility, you must enter the administration panel of your CMS and deactivate this firewall in the Security section. By doing so, a warning will be displayed about the risk of continuing with this action. Remember that this is a temporary solution.
Did you stop receiving it after taking this measure? You have found the root of the problem, although you still have to solve the error in the firewall. If you do not have sufficient programming knowledge or cannot access the code to identify what is happening with this module, you will need to contact your web server's technical support. In the meantime, we recommend that you re-enable ModSecurity. It is better to be down for a few hours than to compromise the security of your site.
The best solution in this case is to contact your hosting company so that they can cancel the mod security rule that causes the 403 error. Many servers update their anti-hacking rules daily, and sometimes a false positive can sneak in.
This may be the most common cause of the 403 error.
Other possible scenarios for HTTP error 403 and its solution
Next we will talk about other possible triggers of the 403 error and the steps to follow to resolve them.
Error due to access-denied-directories
When you enter an Internet page, you are actually opening files on a computer (as you would on yours, but remotely). If they do not have the appropriate permissions, you will not be able to access the information they contain, which will return a 403 error.
To check if the error is related to permissions, you can install software known as an FTP client on your computer or use the one provided by your hosting company (if so). When entering the directory where your website's domain is hosted, you must verify the properties of the corresponding folders and files, and make sure that they have read permission. You can also do this from the file manager of your server control panel (cPanel, Plesk, etc.)
It may also happen that the directory you are trying to access has a .htaccess protecting its contents. Check that you don't have an .htaccess file with the code:
«deny from all»
Error caused by modifications made to the code
CMS offer the ability to add functionality and customize the appearance of your site. You can do this by manually entering lines of code or installing templates and plugins. Although it is a great advantage to be able to design a website to your liking, there is always the risk of producing conflicts with other elements present on the page, triggering the HTTP forbidden 403. p>
To prevent a code modification from causing the aforementioned error, you should make a backup copy of the module you are working on, constantly save changes and verify that your site is still accessible. You should also check that your website is free of errors every time you install a template or plugin, or update an existing one.
Error after restoring a backup
Every website administrator should perform a routine backup of all content on their site. It is a practice that allows you to recover your valuable information in case a computer attack damages or deletes the original files. It is also convenient when migrating from one hosting to another. There are very powerful tools that can help you carry out this task, some free, others premium.
But you should keep in mind that, on more than one occasion, the 403 error appears after completing the backup installation. When this happens, you must carry out all the checks we mentioned above. You may also need to check the .htaccess file to make sure it points to the correct domain.
Conclusion about the 403 error
Although it is the same status code, there are several causes that can lead to an HTTP 403 failure. The only way to find the reason for the errors is to rule out each of the possibilities. The smartest thing is to start with the simplest solutions.
At the same time, you should be very cautious whenever you make a modification