Fix the 403 Forbidden error

Definitions

The 403 Forbidden error means you don’t have permission to access the website page you’re trying to load. The 403 Forbidden error message varies by web browser, for example:

  • Forbidden – You don’t have permission to access / on this server.
  • 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Here is a visual example of the 403 Forbidden error:

Before you start

✅ The 403 Forbidden error has two main solutions and they are easy to complete.

⚠️ Typically, the 403 Forbidden error is related to a configuration file and not the hosting network.

ℹ️ Follow the step by step fixes below in order, moving to the next if the previous one does not work.

Step by step

Create an index.php file for your website

Very often a 403 Forbidden error is caused by a missing index.php file.

1. Log in to your hosting control panel

2. Click on the File Manager button

3. Double click on the domains folder

4. Find your website folder and double click on it

5. Look for the public_html folder and double click on it

6. Inside your public_html folder, look for an index.php file. If you don’t find one, you need to create one by following the next steps below. If you do find one, skip down to the next solution instead.

7. If the index.php file is missing, you have to create one. Click on the Create text file button on the left.

8. From the dropdown, select Other…

9. In the File Name field, type index.php and click the Create button

10. Find your index.php file, right click on it, click Edit from the dropdown

11. In your index.php file, put in the default index.php code snippet for your website application. Once completed, click the Save File and then X button to close the session. Here is the default WordPress index.php code snippet and an example of the process:

⚠️ Note: If you don’t use WordPress, make sure to use the default code snippet of your specific application.

<?php
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */

/**
 * Tells WordPress to load the WordPress theme and output it.
 *
 * @var bool
 */
define( 'WP_USE_THEMES', true );

/** Loads the WordPress Environment and Template */
require __DIR__ . '/wp-blog-header.php';

12. Return to your web browser and reload your website

Create an index.html_ file for your website

Sometimes a 403 Forbidden error is caused by a missing index.html_ file.

1. Log in to your hosting control panel

2. Click on the File Manager button

3. Double click on the domains folder

4. Find your website folder and double click on it

5. Look for the public_html folder and double click on it

6. Inside your public_html folder, look for an index.html_ file. If you don’t find one, you need to create one by following the next steps below. If you do find one, skip down to the next solution instead.

7. If the index.html_ file is missing, you have to create one. Click on the Create text file button on the left.

8. From the dropdown, select Other…

9. In the File Name field, type index.html_ and click the Create button

10. Find your index.html_ file, right click on it, and click Edit from the dropdown

11. If required, in your index.html_ file, put in any custom code snippets for your website application. Once completed, click the Save File and then X button to close the session.

12. Return to your web browser and reload your website

Report a Modsec security error

In some cases, a 403 Forbidden error gets triggered by a Modsec security rule. Modsec errors indicate an action performed on your website triggered a firewall rule on the hosting network.

1. Open this guide: Check your website error log and apply common fixes

2. Follow all of the steps under the ‘Check your website error log‘ section

3. Check for a Modsec security error. If a Modsec security rule is triggered, it will be shown in the format below. The error will normally always appear as “[MODSEC] mod_security rule” followed by its rule ID.

2023-11-12 09:22:26.457356 [NOTICE] [1812847] [T2] [70.126.138.244:36962-H3:C76CDF23F821D4EE-0#APVH_www.cloudhelpcenter.com:443] [MODSEC] mod_security rule [id "77350123"] at [/etc/modsecurity.d/011_i360_1_infectors.conf:568] triggered!

4. If you see a Modsec error, take note of the Modsec rule ID in your error log. If you see multiple Modsec rule IDs triggered, make sure to note down all of them.

  • For example, in our example above, the Modsec rule ID is: 77350123

5. Submit a ticket to our team and include your website domain name and Modsec rule ID(s).

6. Wait for our team to review and provide a rule exception for your website

7. Once our team confirms the rule exception(s), reload your website