1. Home
  2. References
  3. Technical Advice
  4. How to Manage 403 Errors On Your N0C Hosting
Searching...

How to Manage 403 Errors On Your N0C Hosting

Fabrice Q. Conseiller Technique

Introduction

A 403 error means that access to a page or resource on your website is prohibited. It can occur for a variety of reasons. But do not worry: it can usually be fixed quickly.

In this article, we will show you how to diagnose and resolve a 403 error. We will use tools available in your N0C control panel.

Note : The glossary contains explanations on a variety of topics and can be consulted to clarify certain terms.

Prerequisites

Enter the following address in your web browser: https://mg.n0c.com/en/.

Possible Causes of 403 Errors

Once you understand what a 403 error is, it is useful to identify the most common causes. This allows you to pinpoint the source of the problem more quickly and choose the right corrective actions.

  • Web application firewall (WAF). The WAF may block certain requests based on security rules such as suspicious paths, abnormal behavior, or known attack signatures.
  • File permissions. Incorrect permissions can prevent access to certain files or folders on your site.
  • .htaccess files. Incorrect configuration or restrictive rules in these files can block access to certain resources.
  • Software functions, such as header() in PHP. Incorrect use of HTTP headers in your code can also cause a 403 error.
  • CSF (ConfigServer Security & Firewall). This server firewall can block requests based on various criteria (IP, user-agent, etc.).

Web Application Firewall (WAF)

The WAF protects your site by automatically blocking malicious requests, such as SQL injection attempts or penetration testing (pentesting). It filters requests before they reach your application.

However, there are rules that can sometimes block legitimate actions, particularly with certain plugins or CMS modules such as WordPress or PrestaShop. This can result in 403 errors, known as “false positives.”

In this case, the tools available in your N0C panel allow you to accurately diagnose the rule in question and adjust it as needed, while maintaining good overall security.

Procedure

Step 1 – Generate a 403 Error

Try to reproduce the 403 error on your site or admin interface (e.g., access a specific page or use a feature that triggers the block). This will create an entry in the firewall logs.

403 error example

Step 2 – Note Important Informations

Immediately after reproducing the error, note the following information:

  • The exact date and time, including the time zone.
  • The public IP address, which you can find via votreip.org (French site).

This data will make it easier for you to find the exact corresponding event in the logs.

Step 3 – Identify Blocks Via The Firewall Log (WAF)

The firewall logs are accessible from your N0C interface. They allow you to find the rules that caused a block, often related to sensitive interfaces such as back offices. Please refer to the article How to Configure the Web App Firewall (WAF) and View Firewall History for additional details.

Go to Security -> Firewall Protection History. There you will find details of the blocked event: the URL in question, the type of request, the source IP address of the error, and, most importantly, the RULE ID that triggered the protection.

Details of the blocked event displayed in N0C

Important – Carefully check the source IP address of the block.

Before modifying or disabling a WAF rule, make sure that the blocked request is coming from your own IP address and not from a third party.

It is common for automated attacks—using scanners, bots, or exploitation attempts—to generate 403 errors. Unblocking a rule without checking the source IP can dangerously reduce your site’s security by allowing truly malicious behavior.

Reminder: every website online is constantly subject to attack attempts, even if there are no visible symptoms. Therefore, be vigilant when interpreting firewall logs.

Step 4 – Adjust Security Rules

Once you have identified the problematic rule, you can disable it individually.

To do this, go to: Security -> Web Application Firewall (WAF) -> CUSTOMIZE RULES.

Search for the rule by its ID, then disable it if it is blocking a legitimate action on your site. It is recommended that you only disable rules that are strictly necessary in order to maintain a good level of protection.

Disable the security rule with N0C

For more information, see our article on this topic: How to Configure the Web App Firewall (WAF) and View Firewall History.

File Permissions

403 errors can also be caused by incorrect permissions on your site’s files or folders. Here’s how to diagnose and fix this type of problem using your N0C interface.

In the browser, an error message such as: “You don’t have permission to access this resource” or “Server unable to read the file, denying access to be safe” may indicate a permissions issue.

Error message for 403

Step 2 – Make a difference with WAF blocking

This type of error does not appear in WAF logs, but only in access logs. This confirms that it is not a WAF false positive.

  • Access log: Domains -> Access log.
  • WAF log (for comparison): Security -> Firewall protection history.
Access Log filtered to show only errors 400
Access Log filtered to show only errors 400
Example of a 403 error in the Access Log
Example of a 403 error in the Access Log

Step 3 – Check Permissions in File Explorer

As explained in the article How to use File Manager, open File Manager from Files -> File Manager.

Check the permissions for the file or folder in question, as well as those for its parent folders.

  • Directories containing executables (such as public_html, wp-content, etc.) should generally have 755 permissions.
  • Files (such as .php, .html, .htaccess etc.) should have 644 permissions.

Step 4 – Correct Permissions

In the File Manager :

  1. Right-click on the problematic file or folder.
  2. Select Permissions.
  3. Correct the values if necessary (for example, 644 for a file, 755 for a folder).
Changing permissions in the N0C File Manager

Once you have adjusted the permissions, reload your site to check if the 403 error has been resolved.

.htaccess Files

A 403 error can also be caused by incorrect configuration in an .htaccess file. These files are very powerful, but a single incorrect directive can result in certain resources or visitors being unintentionally blocked.

The message displayed in the browser will usually be similar to: “Forbidden – You are not authorized to access this resource.

Step 2 – Differentiate From A WAF Block

As with permission errors, this type of error only appears in access logs, not in WAF logs.

  • Access log: Domains -> Access log.
  • WAF log: Security -> Firewall protection history.

Step 3 – Check All Relevant.htaccess Files

Use the File Manager: Files -> File Manager.

Locate all.htaccess files located between the document root (visible in Domains -> Domain Management) and the directory of the affected page.

Common errors include:

  • An incorrectly formatted rule (incorrect syntax).
  • An IP block (Deny from / Require not).
IP block
  • User-agent filtering.
User-agent filtering
  • An incorrect redirection directive.

You will find a more detailed guide on managing blocks using .htaccess in our article How to Use .htaccess to Filter Out Malicious Robots and Requests.

Step 4 – Modify or Remove Problematic Rules

In File Manager:

  1. Right-click on the suspicious.htaccess file.
  2. Select Edit File.
  3. Determine which rules may be causing a 403 error, then correct or temporarily comment them out (# at the beginning of the line).

Remember to save your changes.

Step 5 — Clear the LSCache Cache

For the rules to take effect, it may be necessary in N0C to clear the cache for the domain in question (see the article How to use LSCache).

Step 6 — Reload the Page and Check the Result

Once the rules have been modified and the cache cleared, refresh the page in question in your browser to see if the 403 error has disappeared.

If the error persists:

  • Review the ..htaccess files further up in the directory tree again.
  • Check that no other directives (or browser cache) are continuing to interfere.

Software Functions

Some 403 errors are not caused by the server or security rules, but are generated directly by your site’s code. For example, a condition in a PHP file may decide to block access to a resource based on business logic or an unexpected state (such as header() in PHP).

Step 1 – Enable PHP Error Display

To facilitate diagnosis, start by enabling error display in your code. This can be done using one of the following methods.

  • Enable display in N0C -> Langages -> PHP -> Options -> display_errors to see the errors directly in the page.
Seeing the errors directly in the page
  • By enabling error logging to a file by activating it in N0C -> Langages -> PHP -> Options -> log_errors and by chosing a log file in N0C -> Langages -> PHP -> Options -> error_log.
Enabling error logging to a file
Error log filename
  • By placing these lines at the top of your input file (often index.php) or at a strategic execution point:
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);

This will make it easier to spot logical errors or unexpected behavior.

Step 2 – Trace the Execution of the Code

Add temporary instructions (echo, var_dump(), die(), etc.) at various points in your code to track the execution flow from the entry point to the location where the error is generated.

For example:

echo 'Checkpoint 1';
...
echo 'Checkpoint 2';

Continue in this manner, function by function, until the last point where the code executes normally.

Step 3 – Identify the Source of the 403 Response

You will often end up finding a condition that triggers a voluntary block, such as:

if ($sky === 'blue') {
    http_response_code(403);
    exit;
}

These instructions are sometimes added by a developer or an extension to control access to certain resources or for testing purposes.

Step 4 – Correct or Adjust the Application Logic

Once the blockage has been located:

  • correct the condition if it is too restrictive or inappropriate;
  • add logs to better understand the context; and
  • check user permissions and roles if the logic is based on them.

Step 5 – Clean Up the Code After Correction

Once the cause of the blockage has been identified and corrected, remember to remove all debugging elements added during diagnosis:

  • Remove all echo, var_dump(), ou die() statements.
  • Reset the error display settings if you have modified them, such as ini_set('display_errors', '0').
  • If you have modified sensitive files, remember to clear the cache.

This will prevent technical information from being exposed in production or disrupting the normal operation of the site.

Note — If You Are Using a Framework or CMS

Many development environments (frameworks such as Laravel or Symfony) or content management systems (CMS such as WordPress, PrestaShop) use custom error handlers, middleware, or internal access control systems. In these cases:

  • The header() function can be encapsulated or hidden.
  • 403 errors can be returned by a component such as a router, internal firewall, or controller.

In these contexts, it is recommended to enable the native debug logs of the system in question (e.g., APP_DEBUG=truein Laravel.env, WP_DEBUG in WordPress, etc.) and to use the tools provided by the framework to trace behavior (monolog, debugbar, etc.).

CSF

On our N0C infrastructure, one of the CSF (ConfigServer Security & Firewall) firewalls is used to protect servers against behavior considered abusive or suspicious. Among other things, this includes an excessive number of failed connection attempts (e.g., repeated attempts to connect to IMAP, POP, SMTP, SSH, FTP, or even via the N0C interface).

In these cases, the user’s IP address may be blocked by CSF, resulting in a 403 error on all attempts to access the servers, including websites, email messages, and the customer area.

Fortunately, N0C offers an easy-to-use self-unblock feature.

Step 1 – You Encounter A 403 Error

Are you seeing a 403 error on your website, in addition to suddenly being unable to access your email account (webmail), synchronize your emails, FTP, or N0C interface? This may be due to your IP address being blocked by CSF. For more details, please refer to the article How to Open a Roundcube Email.

Step 2 – Differentiate From a WAF Block

As with permission errors, CSF blocks do not appear in the WAF log, but only in the access logs.

  • Access log: Domains -> Access log.
  • WAF log: Security -> Firewall protection history.

Step 3 – Check Your Email (Webmail) For an Auto-Unblock Message

Please go to the following address: https://[yourdomain.com]/webmail.

If your IP address is blocked by CSF, a custom error page will be displayed with an information message and a self-unblocking form via CAPTCHA.

Custom error message if IP address blocked by a CSF

Step 4 – Complete the Self-Unblocking Form

Follow the instructions on the page to confirm that you are a legitimate human user via a simple CAPTCHA. Once the form has been submitted, your IP address will be unblocked immediately if the request is compliant.

Conclusion

403 errors can have several causes: a restriction imposed by the application firewall (WAF), a security block by CSF, incorrect file permissions, an incorrectly formulated .htaccess rule, or even behavior defined in your application code.

With the diagnostic tools available in your N0C control panel (access logs, WAF logs, file manager, and unblocking tools), you have all the resources you need to quickly identify the cause and apply the appropriate corrective actions while maintaining a good level of security.

If you have any doubts or persistent difficulties, please consult the additional documentation available elsewhere in the knowledge base or contact technical support.

Updated on September 12, 2025

Related Articles