A "403 You don't have permission to access x in this server" error message indicates that guests do not have permission to view the file in question. There are three possible causes for this:
File Permissions - Each individual file on your hosting account has its own permission number which controls precisely who can access that file. You can read more about file permissions here. Suffice it to say, on Valcato Hosting server most files should have a permission value of 644, whilst directories should have a permission number of 755.
So the first thing to check is the file permission number of the file you are trying to access. This can be done using an FTP client such as FileZilla or the cPanel File Manager by right-clicking on the filename and selecting File Permissions. In the Numeric Value field, ensure that the appropriate permission number is specified, and if not, change it.
Password Protection - Access directories can be restricted to visitors who know the correct username and password. You'd typically encounter the 403 Forbidden error message after seeing a username/password prompt and entering incorrect details or clicking Cancel. The password protection can be created, removed and username/password changed via the Directory Privacy page within cPanel. On the next screen select the directory you are trying to access and untick the "Password protect this directory" checkbox to remove password protection on a directory.
Password protection can also be set up outside of cPanel by creating a .htaccess file which specifies the access rules for a directory. Please use an FTP client such as FileZilla to look for any files called .htaccess on your website, and try temporarily removing them.
ModSecurity - ModSecurity is a commonly used intrusion detection and prevention engine for Apache webservers. It is installed on Valcato Hosting servers to proactively block suspicious behaviour on your websites. For example it will block attempts to exploit known vulnerabilities in outdated versions of scripts such as Wordpress and many others. The aim is to ensure the integrity of our services and good reputation of our mail servers for all customers by preventing a single customer's website from being attacked. We use Comodo ModSecurity Rules along with a few of our own which tells the server which requests might be suspicious and should therefore be blocked. When ModSecurity blocks a request you will encounter a 403 Forbidden error.
Sometimes false positives can occur, whereby a totally legitimate file or process is mistakenly added to the rule set, resulting in parts of your website ceasing to function. Should this happen, click the ModSecurity icon within cPanel and toggle the switches for your individual subdomains to the Off position, or even click the Disable button to switch it off entirely for your account.
If you still encounter a 403 Forbidden error after trying these three steps, please review your error log file and that should provide a clue as to the cause.
