Error 403 Forbidden can be trigger by many things and in this wiki we will show you most of them. Most important think is to check log files when you get the error as there will show in most cases from what it is.

Wrong file or directory permission will show that error. In this case you need to check the permissions and put the right ones.

Make sure that the file or directory are using the right user. Lets say that your public_html directory is for username “test” and you put a file index.php as user test1. That can trigger the error as the user test1 will not have the right to read the file or the directory.

If you have code like:

 deny from all 

or

 deny from <your ip address> 

This mean that the access for the webside is deny or it is deny from IP address. You can simple remove or comment that like with “#”

Directory indexing is preventing list of the files for the directory but if you do not have index file (index.php, index.html etc) and the autoindex option is ON that will return error 403.

If you have that line in the .htaccess file:

 Options -Indexes 

Try to remove it or put it on:

 Options +Indexes 

If the php handler is not setup correctly the Webserver will return error 403. This will be showed in the server error log file and you need to check them for more information. After that you need to create the right php handler to resolve the issue.

In Litespeed webadmin → Configuration → Server → Security there is a option “Restricted Permission Mask”. If you setup to hight value like 644 you will get error 403 for your pages.

To resolve it you need to change the value to lower.

Depend what and how much requests you are doing for X website the firewall can block you. In most cases you IP address will be deny in the system firewall (iptables, firewalld etc) and you need to remove your IP address from there.

Similar to previous case - if you have strict Throttling rules and you make too many connection that can trigger error 403.

If GeoIP or IP2Loc is allow they can block access to files like wp-login (wp-admin). In this case you need to allow the access.

There is a option to restrict the access to the WebAdmin. If you forgot to add you IP address ot if its change you can edit it from the conf file in /usr/local/lsws/admin/conf/admin_config.xml

 <security>
   <accessControl>
     <allow>XXX.XXX.XXX.XXX</allow>
     <deny>ALL</deny>
   </accessControl>
 </security>

Put your IP address in the allow list. For multi IP addresses its look like this:

 <allow>XXX.XXX.XXX.XXX, XXX.XXX.XXX.XXX</allow>