A "403 Forbidden" error is a response code from Apache when the requested action cannot be completed for security reasons.
There are a few common things that could be happening to cause this, such as:
- .htaccess file rules
- Inadequate permissions on a file
- Incorrect ownership of a file
The easiest way to determine the cause of a 403 error is to use the 'tail' command to tail the Apache error log while replicating the 403 error in your browser by refreshing the page you see the 403 error on:
-bash-4.2# tail -fn0 /etc/apache2/logs/error_log
[Wed May 20 00:45:52.779769 2020] [core:crit] [pid 4292] (13)Permission denied: [client 10.3.17.102:57708] AH00529: /home/user/public_html/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/home/error/public_html/' is executable
The above error indicates an issue with being able to access the .htaccess file. When checking files that Apache reports a permission issue with, we need to ensure that they have correct permissions (644 for most files, 755 for most directories) and that they have the proper ownership.
If we check the above file, we can see that it is owned by an improper user (root instead of the cPanel user) and it has incorrect permissions (0000 instead of 644):
-bash-4.2# stat .htaccess
Size: 32 Blocks: 8 IO Block: 4096 regular file
Device: fd01h/64769d Inode: 41943223 Links: 1
Access: (0000/----------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2020-05-20 00:45:38.475038048 -0500
Modify: 2020-05-20 00:45:35.593015030 -0500
Change: 2020-05-20 00:45:35.595015046 -0500
If we correct these permissions, we should be on our way to having a working website. This can be doing using the 'chmod' command to change the permissions:
-bash-4.2# chmod -v 644 .htaccess
mode of ‘.htaccess’ changed from 0000 (---------) to 0644 (rw-r--r--)
and the 'chown' command to change the ownership:
-bash-4.2# chown -v user. .htaccess
changed ownership of ‘.htaccess’ from root:root to user:user
This can also be done through file manager in the cPanel interface, we have some great information on File Manager here.
One other common item that causes 403 errors are .htaccess rules such as 'Options -Indexes' or 'deny from' rules:
-bash-4.2# cat .htaccess
deny from all
The 'Options -Indexes' rule prevents a directory from being loaded if there is no 'index' file present, such as an index.php or index.html. The 'deny from' rule will deny access to the website to specific IP addresses, IP ranges, or all depending on the .htaccess rule that is used. When an .htaccess rule is causing a 403 page, the Apache error log will generally resemble this:
[Wed May 20 00:55:52.778579 2020] [access_compat:error] [pid 4292] [client 10.3.17.102:57869] AH01797: client denied by server configuration: /home/user/public_html/
These can be corrected by adding an index file (in the case of Options -Indexes) or removing the 'deny from all' line from the .htaccess file.