Ultra Web Hosting Docs

403 Forbidden

A 403 Forbidden error means the server understood your request but refuses to serve the page. Unlike a 500 error, the site is working — the server is deliberately denying access. Here are the common reasons and how to fix each one.

File & Directory Permissions

If a file or folder has the wrong permissions, the server cannot read it and returns a 403. The safe standard values are:

  1. Open File Manager in cPanel.
  2. Right-click the affected file or folder and choose Change Permissions.
  3. Set files to 644 and directories to 755.
Warning Permissions below the readable threshold (for example 600 on a public file) cause a 403. Do not overcorrect to 777 — that is a security risk and is not the right fix.

Missing Index File or Directory Listing Disabled

When you visit a folder with no index.html or index.php, the server tries to list its contents. Directory listing is disabled by default for security, so you get a 403 instead.

Directory Privacy (Password Protection)

If you enabled Directory Privacy on a folder, visitors are prompted for a username and password. A misconfigured or forgotten password protection can present as a 403.

  1. In cPanel, open Directory Privacy.
  2. Browse to the folder in question and check whether protection is enabled.
  3. Disable it if it was left on by mistake, or reset the user's password.

See Directory Privacy for the full setup and removal steps.

An IP, Firewall, or ModSecurity Block

The server firewall or the ModSecurity web application firewall may be blocking a specific IP address or request that looks abusive. This is common if you triggered a security rule — for example by submitting a form with content that looks like an attack, or after too many failed logins.

For a deeper explanation of what triggers these blocks and how to clear them, see Firewall Blocks.

Hotlink Protection

Hotlink protection stops other websites from embedding your images directly. If it is misconfigured, it can also block your own pages or legitimate requests, showing a 403 where an image should be.

  1. In cPanel, open Hotlink Protection.
  2. Confirm your own domain (with and without www) is in the allowed list.
  3. Add any CDN or subdomain hostnames that need to load your assets.

See Hotlink Protection to configure the allow list correctly.

Still Seeing a 403?

If none of the above resolves it, note the exact URL that fails and check Metrics > Errors for the matching log line. Then open a support ticket with those details and your current IP address, and we will investigate.