Have you ever been confused by the message 403 forbidden when operating or browsing a website? However, there may be cases where you don’t know the specific solution and are worried about what to do.
Therefore, in this article, we will explain the causes of the 403 forbidden error and specific solutions. We will also introduce HTTP status codes other than 403 forbidden, so please refer to them.
What is 403 forbidden (403 error)?
First, I will explain the meaning of 403 forbidden. 403 forbidden is an HTTP status code that indicates that the website is prohibited from being viewed. An HTTP status code is a code sent by a web browser to a user.
403 forbidden is also called “403 error”, and 403 is the HTTP status code. If you have a 403 forbidden page, there is a risk that your ranking from
search engines
will drop. If this happens, the effectiveness of your
SEO
efforts will be diminished. Therefore, if the website operator is in a 403 forbidden state, it is important to take measures as soon as possible.
Another typical error is 404 not found.
Cause of 403 forbidden
There are many reasons why 403 forbidden can occur. Therefore, it is important to investigate the cause as soon as possible. Some examples of causes for a 403 forbidden are:
Let’s look at each in turn.
index page does not exist
First of all, the reason why 403 forbidden occurs is that the index page (file) does not exist.
If either “index.php” or “index.html” does not exist, 403 forbidden will be displayed on the screen. So let’s check if the index file exists on the server.
Not uploaded to the correct directory
403 forbidden will appear even if the file is not properly uploaded to the appropriate directory on the web server.
When publishing content from a web server, there are multiple FTP clients that can publish content. Therefore, it is possible that the FTP client is incorrect or the directory is inappropriate.
After uploading your files to the directory, check to see if your website URL is visible online.
Access or ownership
There may also be a case where the website operator has made a mistake in setting access rights or ownership. This means that you are blocking it by mistake even though you should be allowed to view it.
For example, there is no problem in denying access to malicious websites or users. However, if there is no need to refuse, please check the access rights and ownership again.
Also, please be aware that there are cases where the “.htaccess” is written incorrectly due to a mistake on the part of the website operator.
Too much access load
In particular, if you are running a website using a rental server, there may be cases where 403 forbidden is displayed due to excessive access load. In particular, if you haven’t made any major changes to your website and suddenly a 403 forbidden message appears, this excessive access is often the cause.
If you are renting a rental server, it is a good idea to check in advance how much access it can withstand per month and number of simultaneous connections. If the current number of accesses is high and it is dangerous, we recommend that you consider upgrading your plan.
DNS issues
In rare cases, 403 forbidden may be displayed due to incorrect domain settings. Usually the error occurs on the network, but in this case it means a 403 forbidden state on the web server. Therefore, make sure that your domain and DNS are properly configured.
Server account is suspended
A “403 forbidden” error will also occur if the server account is suspended. Even if you have an account, if your account is suspended for any reason, the server will also be suspended.
In such cases, check to see if you are violating the terms and to see if you have received a warning via email. If you can view the management screen, also check the server usage status of the management screen.
Malfunction of WAF function
A “403 forbidden” error may also occur due to a malfunction of the WAF function.
What is WAF function?
WAF is an abbreviation for “Web Application Firewall” and refers to a security measure that protects websites from attacks that target vulnerabilities in web applications.
Internet banking and e-commerce sites, where customer information and credit card information are exchanged, are mainly protected.
WAF is not built directly into an application, but is installed in front of a web server to collectively protect multiple web applications running on the server.
Malfunctions due to being powerful
Due to these characteristics of WAF, it functions as a very strong security, and if the security level is made too strict, in rare cases, even administrator actions or normal communication may be judged as unauthorized, causing a “403 forbidden” error. There is.
In such a case, check the WAF settings from the server management screen, and if it is turned on, there are solutions such as “turning it off and turning it on again” or “configuring WAF exclusion settings.”
WAF settings vary depending on the company providing the rental server, so we recommend contacting support.
403 Types of forbidden
There are many types of 403 forbidden. Here we will introduce one example.
Now that these types exist, we will now introduce how to solve 403 forbidden.
How to deal with 403 forbidden
There are many types of 403 forbidden, but the basic solution is the same.
We will explain each solution in turn.
Checking permissions (file access rights)
First, let’s check the permissions (file access rights). It is important to check that settings such as owner, other users, and ownership group are appropriate. Also, there is a possibility that the “.htaccess” description is simply inappropriate, so please check that as well.
Does the index file exist in the directory?
403 forbidden will be displayed even if “index.php” or “index.html” does not exist. Therefore, let’s check if the index file exists in the directory.
Basically, most cases can be resolved using the above two methods. If you cannot resolve the issue, please check your DNS and domain settings.
In some cases, the problem may resolve itself if you wait a few hours.
So far, we have explained the outline and causes of 403 forbidden. In fact, website administrators may be confused if 403 forbidden suddenly appears. However, there are cases where 403 forbidden can be resolved by waiting a few hours.
This is because the reason why many 403 forbidden messages are displayed is due to excessive access. Due to too many accesses, the server is overloaded and the website is temporarily unable to display.
However, it is of course possible that 403 forbidden is displayed due to other reasons, so it is important to investigate the cause as soon as possible.
Cannot be handled by the user
So far, we have explained the causes of 403 forbidden on the website administrator side. On the other hand, many people may be wondering if there is any way to resolve the issue on the user side. Unfortunately, this cannot be resolved by the user.
Ultimately, 403 forbidden is a problem with the website’s domain, DNS, or server side. Therefore, unless you have access to these, it is impossible to resolve them.
If you see a 403 forbidden on a website you want to visit, wait a few hours and try again.
HTTP status code other than 403 forbidden
Below, we will explain HTTP status codes other than “403 forbidden”.
| 200s (successful response) | 200 OK |
| “200 OK” is an HTTP status code that indicates that the request to the server has been successfully processed and can be viewed without any problems. If the page is displayed normally in the browser, it will most likely return “200 OK”. | |
| 202 Accepted | |
| “202 Accepted” indicates that the server side has accepted the request, but processing has not been completed. It is possible that the process has occurred but not completed, or that the process has not yet started. There is also a possibility that the processing will be refused. I don’t know if it will be processed in the end. | |
| 300s (redirect) | 301 Moved Permanently |
| “301 Moved Permanently” is displayed when the requested page has been permanently moved. If “301 Moved Permanently” is displayed when changing from the old URL to the new URL and the transfer process goes well, you can inherit the SEO rating. | |
| 302 Found | |
| “302 Found” is displayed when the requested page is temporarily relocated. The difference from “301 Moved Permanently” above is whether it is permanent or temporary. It is used when performing website maintenance or when publishing pages for a limited time. | |
| 400s (client error) | 400 Bad Request |
| “400 Bad Request” is displayed when the server side could not process the request. Returned as a general client-side error when the server determines that none of the server-side status codes apply. “400 Bad Request” suggests that there is already a problem with the client-side request before processing begins on the server-side. | |
| 404 Not Found | |
| “404 Not Found” is displayed when the server is unable to access the requested page. This appears when the page does not exist or the server is down. This often occurs when a page is deleted and no appropriate action is taken, resulting in broken links. From the perspective of user abandonment, take countermeasures such as setting up an original error page to encourage users to move to a different page, or deleting the link itself. | |
| 500s (server error) | 500 Internal Server Error |
| “500 Internal Server Error” is displayed when an error occurs on the server side. This is returned when the request cannot be executed due to a problem on the server side even if there is no problem on the client side. Even if the server is normal, if the application is stopped, a “500 Internal Server Error” will be returned. | |
| 502 Bad Gateway | |
| “502 Bad Gateway” is displayed when the “gateway” or “proxy server” that connects the client and server receives an abnormal or invalid request and rejects the request. The difference from the above-mentioned “500 Internal Server Error” is that there is a problem with the server itself, or with the gateway or proxy server equipment. | |
| 503 Service Unavailable | |
| “503 Service Unavailable” is displayed when the website is temporarily unavailable due to some reason such as overload or server maintenance. For example, this occurs when the server-side browsing restriction function is activated. In most cases, the “503 Service Unavailable” error, which occurs when the amount of access to the server increases rapidly and the load exceeds the server’s capacity, cannot be quickly recovered. In such cases, the only way to return to normal is to wait until the traffic volume decreases. In order to avoid such errors, you need to choose a server with sufficient capacity or take measures to increase the transfer speed. |
How to check HTTP status code
The following explains how to check the HTTP status code.
Use Googlechrome
To check the HTTP status code in Googlechrome, press the “F12 key” while the browser is active, or right-click on the browser you are viewing and click “Verify” from the menu.
The developer tools will then launch in your browser, so click “Network” from the menu field at the top of the screen.
Then, the HTTP status code will be displayed as shown above.
Use HTTP Status Code Checker
To check the HTTP status code using HTTP Status Code Checker, access the HTTP Status Code Checker (https://httpstatus.io/) site, enter the target URL in the box, and click “Check status”. Click. (You can enter multiple target URLs)
:max_bytes(150000):strip_icc()/shutterstock_260012552-403-forbidden-5a2eecaa22fa3a0037adc0d2.png)
Then, the HTTP status code of the checked URL will be displayed as shown below.
The useful thing about this tool is that you can check target URLs all at once, and you can download the results in CVS format. By checking and outputting multiple URLs at once and compiling them into a list of target URLs for improvement, you can efficiently improve your web pages.
summary
In this article, we have explained about 403 forbidden. 403 forbidden is an HTTP status code that indicates that the website is prohibited from being viewed.
403 forbidden appears because the index page does not exist or has not been uploaded to the appropriate directory.
If 403 forbidden is displayed, check the permissions and the existence of the index file.
First of all, why not try to find out the reason why 403 forbidden is displayed?