Magento users often see 403 Forbidden error when working with their online store.
Generally, Magento 403 error occurs when web servers like Apache/php-fpm doesn’t have enough permission to access the website directory.
And, it happens when there are problems with file permissions, ModSecurity or bad rules in .htaccess file.
That’s why, we often handle requests to fix 403 error in Magento as part of our Server Management Services.
Today, we’ll see the reasons for this error and how our Magento Engineers fix 403 error.
Why 403 Error on Magento server?
One of the main advantages of Magento store is the ability to handle a vast number of products at a time. It can support up to 500,000 products per site, and handle more than 80,000 orders per hour. So, it is very imported not to generate an error while users searching for a product.
However, Magento servers may show an error 403 Forbidden due to problems like incorrect file permissions and wrong rule in .htaccess file.
An instance of how 403 error looks like:
How we solve 403 error in Magento 1 and Magento 2
Now, let’s see the most common reasons and how our Support Engineers fix it.
1. Incorrect file permissions
Wrong permissions always create problems with Magento websites.
In order to protect the server from any hacking attempt, the hosting providers set folder permission to 755 or 750 and file permission to 644 by default.
So, if someone contacts us with 403 error, our Support Engineers make sure that all files and folder have enough permission to run on the web server.
Once we find that the permissions are incorrect, we execute the following commands from the root directory of your Magento installation to set the right permission.
find ./ -type f | xargs chmod 644 find ./ -type d | xargs chmod 755 chmod -Rf 777 var chmod -Rf 777 media
2. Wrong rules in .htaccess
Sometimes, errors like 403 are caused by bad rules in .htaccess which blocks access to some files, directories or the whole website. If .htaccess contains Options All -Indexes, the Indexes option checks if directory views are activated or not.
Our Support Engineers solved the issue by removing -Indexes from the .htaccess file for the websites that showed 403 error.
3. Missing <username>.conf
In Magento 2, missing web server config file also create problems.
1. Initially, we find the username of the website.
2. If the config for this user doesn’t exist, we create it.
cd /etc/apache2/user/ touch <username>.conf
3. After that, we open the file <username>.conf.
sudo vi /etc/apache2/user/<username>.conf
4. Then, we add the following entry to it.
<Directory "/Users/<username>/Sites/"> AddLanguage en .en LanguagePriority en fr de ForceLanguagePriority Fallback Options FollowSymlinks Indexes MultiViews AllowOverride All Order allow,deny Allow from localhost Require all granted </Directory>
5. Nex, we add
Include /private/etc/apache2/extra/httpd-userdir.conf to /etc/apache2/httpd.conf.
Also, uncomment the line
Include /private/etc/apache2/users/*.conf in the file httpd-userdir.conf.
6. At last, we restart Apache server.
[Getting error on Magento website? Our experts can help you.]
In short, Magento 403 error can be fixed by correcting the permission and ownership of the Magento files. Today, we saw how our Support Engineers fixed this error in Magento.