403 Forbidden – You don’t have permission to access … on this server

403 Forbidden – You don’t have permission to access … on this serverAn htaccess file can be used in many situations, one of them being user restriction. This comes in very handy, especially when you want to host multiple websites on a single web server.




The hierarchy might be something like this:

  • root folder: www, public_html, …
    • sub folder : website 1
    • sub folder : website 2
    • sub folder : website 3


Restrict access to all websites

If you want to prevent users getting access to any of these websites, it’s common sense to place a .htaccess file in your root folder like this one:

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /path/to/your/encrypted/password/file/.htpasswd
Require valid-user


Restrict access to a particular website

If you only want access being blocked to some particular website(s), one way of doing this is to follow these 2 steps.


Step 1

Change the above file in your root web folder:

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /path/to/your/encrypted/password/file/.htpasswd


Step 2

As you’ve seen, we got rid of our last statement. As a consequence, visitors have now access to all our websites. That’s not exactly what we want… Suppose we want to restrict access to our second website. The only thing we have to do is generate a new .htaccess file. This file has to be put in sub folder 2, and there we add the missing statement like this:

Require valid-user


How does this work?

When a user wants to navigate to one of our public websites, the .htaccess file in our root folder will be triggered. However, there’s nothing there that explicitly restricts access, so they’ll be able to see the entire website.

Now, if they navigate to our second, secured website (the one we prevented users from gaining access to) the local htaccess file will be triggered, complementing the instructions from our root folder htaccess file.

We can simply copy this local htaccess file to every web folder we want access to be blocked.


Internal Server Error

Ok, this should work out of the box! However, recently I got the following error:

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.


What went wrong here?

There was nothing wrong with the above settings. Both the htaccess and the htpasswd file were edited correctly. However, there was a misspelling of the htpasswd file. Be aware that it’s written exactly like this:


It's only fair to share...Share on Facebook
0Tweet about this on Twitter
Share on LinkedIn

Leave a Reply