There was a problem loading the comments.

I get a 403 Forbidden error. How can I fix or prevent it?

Support Portal  »  Knowledgebase  »  Viewing Article

The 403 Forbidden error can be caused by multiple factors:

  • ModSecurity rule triggered
    • A ModSecurity rule is triggered by one of your scripts or by your request/input. ModSecurity is a WAF (Web Application Firewall) that protects your website from various attacks and commonly known exploits. When a ModSecurity rule is triggered, the web server aborts the process with a 403 Forbidden error.
    • Please contact our technical support department and provide detailed reproduction steps so we can investigate which ModSecurity rule is falsely triggered and whitelist it for your domain. The reproduction steps should include the URL where the error occurs, login details if the location is protected and the pattern that triggers the error.
  • Incorrect file or folder permissions
    • You should make sure that all your files and folders have the following permissions. The permissions may be lower if necessary, but never higher (especially not for configuration files):
      • Folders: 755
      • Files (scripts and static content): 644
    • Our servers are running suPHP/FastCGI, which runs all scripts as their owners. If a file or script has incorrect permissions or isn't owned by your account, the server will consider this a security issue and will deny access with a 403 Forbidden error.
  • Empty folder or no index page
    • Directory indexing is disabled by default for security reasons. If a folder doesn't have an index page or if it's empty, the web server will return a 403 Forbidden error.
  • Unauthorized access
    • You have tried to access a resource that is restricted for your account or isn't owned by your account.
    • Your applications should never attempt to access any files or folders outside of the public_html or tmp folders.
  • Excessive number of active connections
    • LiteSpeed Web Server can temporarily block an IP address for 5 minutes if too many connections are established.
    • As an example, if you open too many pages simultaneously or open a page that has hundreds of static elements, the browser builds up an excessive number of connection to our web server and this behavior can be determined as an attempted DoS attack. This would lead to your IP address being blocked on the web server for 5 minutes.
    • To prevent this, you should wait 5 minutes for the IP ban to expire and try to reduce the number of connections to prevent further IP bans.
    • If you did not open too many pages simultaneously to cause the IP ban, then it could be something in the background on your computer that establishes these connections. You should try a different browser or check your computer in this case.

Share via
Did you find this article useful?  

Related Articles


Add Comment

Replying to  

© MaxterHost