ByteZest

403 Forbidden You Dont Have Permission to Access on This Server

Many web server configurations face issues related to file permissions. It often renders the server inaccessible to visitors and manifests in the form of a "403 Forbidden" error. Usually, the error message is something like "403 Forbidden: you don't have permission to access / on this server". It can be anything in the form of "Forbidden: you don't have permission to access this resource."

Similar issues can also occur due to problems in the Apache and NGINX configuration files or even because of a corrupt .htaccess file. Here are three step-by-step solutions to all of these problems.

What Causes the Apache and NGINX 403 Forbidden Error?

This is a fairly common 403 error on Apache and NGINX's end caused by a myriad of issues. However, in most cases, the error occurs due to the lack of proper permissions needed to access a site publicly. Apart from this, WordPress sites often face this issue due to a bad .htaccess file.

Moreover, since Apache version 2.4, there have been some changes in how directives work. This can also restrict public access to your website and result in a "403 Forbidden" error.

How to Fix the “403 Forbidden” Error as a User

If you're using a website and come across the "403 Forbidden" NGINX or Apache error, first try clearing your browser's cache data and cookies. If you're using a VPN, make sure to disable it just in case an improper VPN configuration is causing the 403 error.

On the other hand, if you're the website administrator, it's worth knowing that most Apache and NGINX 403 Forbidden errors are caused by improperly set file permissions and bad configuration files.

Follow the below-given solutions one by one to get your website working again:

1. Fix File Permissions to Avoid the 403 Error

Most people face this common 403 error due to the lack of proper permissions. If the site admin forgets to enable read access to the outside world, then end-users will be unable to access the requested resource. This is often the root cause of this error.

For example, say you're trying to access a file named textbook.php on a WordPress site and come up with an error saying you don't have permission to access /textbook.php on this server. It implies the file is there, but the site owner has disabled access to public users.

If you're a site admin instead, you need to make sure files intended for public access have proper read permissions. Otherwise, if you're facing this error on a public site, inform the site administrator to solve this issue.

Setting the correct permissions for publicly accessible files can be a bit tricky. That's why admins should start with absolutely zero permissions and add them as needed. It's a good idea to have folders with a permission mode of 755 and files with 644.

For a simple website, the directories need to have execute permission, and files should have read permission. Make sure not to give execute permission on files. Malicious users can gain unwanted access to public servers via such files.

The permission mode for Read, Write, and Execute access is 4, 2, and 1, respectively. So a permission mode of 755 on directories means only the owner has full access to the directory contents. Group users and others can only read and execute. Similarly, the 644 permission mode for files provides read and write access to the owner and only read access to everyone else.

To solve errors like "forbidden: you don't have permission to access this resource on any server", fix your webroot directory permissions. The below command uses the chmod utility to set the directory permissions to 755:

sudo find /var/www/html -type d -exec chmod 755 {} \; 

This command assumes you're using the default document root of Apache to hold your website. If you're using a different directory, replace the directory name accordingly. Use the below command to change all file permissions to 644:

sudo find /var/www/html -type f -exec chmod 644 {} \; 

The above command uses the find utility to locate individual files and sets the correct permission via chmod. The ending {} \ holds the file paths returned by the find command, and the semicolon (;) marks the end of the iteration.

Plus, you can also change file permissions individually. For example, the following command will change the permission of textbook.php on the web root and make it publicly accessible. So next time someone tries to access this file, they won't see the dreaded "you don't have permission to access this resource error."

sudo chmod 644 /var/www/html/textbook.php 

Once you've changed all file permissions as required, restart the Apache or NGINX server to let your changes take effect.

sudo systemctl restart apache2.service
sudo systemctl restart nginx

These commands restart the Apache and NGINX server on Ubuntu, respectively. However, many RPM-based distros like RHEL or CentOS install Apache as httpd. For such systems, use the following command instead:

sudo systemctl restart httpd 

2. Fix the .htaccess File for Your WordPress Website

The .htaccess file serves as a distributed config file and tells the web server how to handle things like configuration changes per directory. Sometimes this file can get corrupted and may result in the "you don't have permission to access / on this server" error.

Luckily, if that's what is causing the 403 error on your server, you can easily fix this by creating a new .htaccess file. To create a new .htaccess file for your website, first, log in to your WordPress dashboard. Then, click on Settings > Permalinks.

You don't have to make any additional changes here. Just click on the Save Changes button and WordPress will generate a fresh .htaccess file for you.

So anytime you see "you don't have permission to access this resource" or "unable to read htaccess file, denying access to be safe" on Apache servers, try creating a new .htaccess file. This method usually works well for WordPress websites.

3. Configure Directives in the Apache Configuration File

Apache 2.4 makes use of a new configuration module named mod_authz_host. This module exposes several new directives. In short, this implements the following rules:

  • Require all granted: Allow all requests
  • Require all denied: Deny all requests
  • Require host safe.com: Only permit requests from safe.com

If you're using Apache 2.4, make sure your main configuration file contains the following block of code. You can check out the contents of this file using a simple text editor like Vim. Add this block in the configuration file if they're missing. Then, you can save and exit Vim.

vim /etc/apache2/apache2.conf 

Code:

<Directory />
   Options FollowSymLinks
   AllowOverride None
   Require all denied
</Directory>
<Directory /usr/share>
   AllowOverride None
   Require all granted
</Directory>
<Directory /var/www/>
   Options Indexes FollowSymLinks
   AllowOverride None
   Require all granted
</Directory>

Moreover, if you're running an RHEL-based web server, you need to ease access to the /var/www section in your Apache configuration file. So make sure the /etc/httpd/conf/httpd.conf file contains the following block of code:

vim /etc/httpd/conf/httpd.conf 

Code:

<Directory "/var/www">
         AllowOverride None
         Require all granted
</Directory>

Finally, restart the Apache server using one of the following commands:

# for Ubuntu and Debian

sudo systemctl restart apache2.service

# for RHEL and CentOS

sudo systemctl restart httpd

Fix the 403 Forbidden Server Permission Error on Linux

A lot of people face the above issue when accessing public websites or configuring their own sites. Resetting the filesystem permission for Apache or NGINX servers should be the first resort. If the error persists even after changing the permissions, try creating a new .htaccess file and ensure directives are set properly in your server configuration file.

There are many more issues that can result in a server-side error similar to this one. You need to be proficient at troubleshooting Linux server issues to get your server up and running in such situations.

ncG1vNJzZmivp6x7rq3KnqysnZ%2Bbe6S7zGiwqK1dmbyvwIyhmK%2BdXaWys7nIrKqip55iwbB5wJyanqujYryvedOhoKxlo5q%2Ft7HRaA%3D%3D

Reinaldo Massengill

Update: 2024-09-21