This is an old revision of the document!

Understanding Error 403 Forbidden

Error 403 Forbidden can be trigger by many things and in this wiki we will show you most of them. Most important think is to check log files when you get the error as there will show in most cases from what it is.

File/Directory permissions

Wrong file or directory permission will show that error. In this case you need to check the permissions and put the right ones.

Wrong file/directory user

Make sure that the file or directory are using the right user. Lets say that your public_html directory is for username “test” and you put a file index.php as user test1. That can trigger the error as the user test1 will not have the right to read the file or the directory.

Deny from .htaccess file

If you have code like: 

 deny from all

or 

 deny from <your ip address>

This mean that the access for the webside is deny or it is deny from IP address. You can simple remove or comment that like with “#

Indexes

Directory indexing is preventing list of the files for the directory but if you do not have index file (index.php, index.html etc) and the autoindex option is ON that will return error 403.

If you have that line in the .htaccess file: 

 Options -Indexes

Try to remove it or put it on: 

 Options +Indexes

Problem/missing PHP Handler

If the php handler is not setup correctly the Webserver will return error 403. This will be showed in the server error log file and you need to check them for more information. After that you need to create the right php handler to resolve the issue.

File restriction

In Litespeed webadmin → Configuration → Server → Security there is a option “Restricted Permission Mask”. If you setup to hight value like 644 you will get error 403 for your pages.

To resolve it you need to change the value to lower.

Mod Security/Waf/fail2ban/CPHulk

Depend what and how much requests you are doing for X website the firewall can block you. In most cases you IP address will be deny in the system firewall (iptables, firewalld etc) and you need to remove your IP address from there.

Throttling

Similar to previous case - if you have strict Throttling rules and you make too many connection that can trigger error 403.

GeoIP/IP2Loc or similar modules

If GeoIP or IP2Loc is allow they can block access to files like wp-login (wp-admin). In this case you need to allow the access.

Error 403 in LiteSpeed WebAdmin

There is a option to restrict the access to the WebAdmin. If you forgot to add you IP address ot if its change you can edit it from the conf file in /usr/local/lsws/admin/conf/admin_config.xml 

 <security>
   <accessControl>
     <allow>XXX.XXX.XXX.XXX</allow>
     <deny>ALL</deny>
   </accessControl>
 </security>

Put your IP address in the allow list. For multi IP addresses its look like this: 

 <allow>XXX.XXX.XXX.XXX, XXX.XXX.XXX.XXX</allow>

Additionally Information

Best way to diagnostic and resolve that error is to check the system configuration, website configuration and the error logs. If you are what is the right configuration for some option that is triggering error 403 you can check the wikis for that.

For example:

For GeoLocation configuration or IP2Location

  • Admin
  • Last modified: 2018/06/29 11:37
  • by Tihomir