Troubleshoot HTTP Error 403.14 – Forbidden in IIS

• Author
• Recent Posts

Surender Kumar

Surender Kumar has more than twelve years of experience in server and network administration. His fields of interest are Windows Servers, Active Directory, PowerShell, web servers, networking, Linux, virtualization, and penetration testing. He loves writing for his blog.

Latest posts by Surender Kumar (see all)

• Configure a private DNS server in Docker - Fri, Mar 24 2023
• Store secrets in AWS Secrets Manager - Fri, Mar 17 2023
• Install Windows 10 / 11 22H2 without Microsoft account - Tue, Feb 28 2023

HTTP Error 403.14 – Forbidden

HTTP Error 403.14 Forbidden

The HTTP Error 403.14 – Forbidden is displayed when you try to access a website hosted on IIS having detailed errors enabled. As you can see in the screenshot, the error page says The Web server is configured to not list the contents of this directory and also indicates the most likely causes of this error.

If the detailed errors are not enabled, you will see a custom error page with a generic message: 403 –Forbidden: Access is denied.

403 Forbidden Access is denied

Cause of error

As indicated by the detailed error page, there are three likely causes of this error:

1. Directory browsing is not enabled—Directory browsing is the ability of a web server to list the contents of the website's root directory in a web browser. The following screenshot shows what a website looks like when directory browsing is enabled:

What a website looks like in a browser when directory browsing is enabled

As you can see in the screenshot, directory browsing enables visitors to view files and browse through the directories. The chances are pretty slim that you want your website to look like this.

2. Default document is not configured—The default document is a file that is served by the web server when the client does not specify a particular file in a uniform resource locator (URL). By default, web server software recognizes file names such as default.htm, default.html, default.aspx, index.html, index.htm, etc. The following screenshot shows a list of default documents supported by IIS:

Viewing the default document for a website in the IIS Manager

To add a custom default document (e.g., awesomehome.html), click Add and then type the name of the default document. You could even change the order of documents by selecting one and then clicking the Move Up or Move Down options in the Actions pane on the right.

3. The ASP.NET feature is not installed on the server—The default documents, such as aspx and index.html, only work with websites that use traditional frameworks. With modern frameworks and programming technologies such as MVC, the default pages are defined and handled right inside the application code by the developers. So, if your website is using MVC or a similar technology, you need to install the ASP.NET feature on the server. See how to install ASP.NET on the web server.

Resolving the error

We covered the possible causes of this error in the previous section. Now, depending on your scenario, you could try the following steps to fix this error:

Directory browsing is not enabled

If you know that your website should list the contents of the root directory so that visitors can browse the files and folders, you need to enable the Directory Browsing option, using either the IIS Manager or the web.config file.

Enable directory browsing using the IIS Manager

Open the IIS Manager, select your website, and then double-click the Directory Browsing option under IIS in Feature view.

Viewing the directory browsing feature in the IIS Manager

Now click Enable in the Actions pane on the right.

Enabling directory browsing using IIS manager

Enable directory browsing using the web.config file

If you're using a shared hosting server, you could enable directory browsing using the web.config file itself:

Open the web.config file and paste the following code between the <system.webServer> and </system.webServer> tags:

<directoryBrowse enabled="true" />

Enable directory browsing using the web.config file

Default document is not configured

If your website uses a traditional framework and you see a file with a name such as default.aspx, index.html, or index.php in the website's root directory, make sure the same filename is also available in the list of default documents. You could even ask the developer about the name of the default document for your website. For instance, I know that my website is supposed to use home.html as the default document. Therefore, I will add it either using the IIS Manager or the web.config file. See the following screenshots for reference:

Adding a default document for the website using the IIS Manager

Adding a default document to a website using the web.config file

ASP.NET is not installed on the server

If neither of the above solutions works, it is likely that your website is using MVC or a similar technology that requires the ASP.NET development feature on the server, and it is not currently installed. This error is common when you try to host an MVC website on a web server for the first time. To install ASP.NET, use the following PowerShell command:

Install-WindowsFeature Web-Asp-Net45 -IncludeAllSubFeature

This command installs ASP.NET 4.5 or higher on the web server, and your MVC website will start working.

If your website is supposed to use a legacy version of ASP.NET (e.g., 3.5 or below), use the following command instead:

Install-WindowsFeature Web-Asp-Net -IncludeAllSubFeature

Installing ASP.NET on a web server using PowerShell

Common 403 substatus codes

The following table covers some common HTTP 403 substatus codes, along with their possible causes and troubleshooting advice:

Conclusion

The key to troubleshooting any IIS-related error is to enable the detailed errors. When the detailed errors aren't helpful in revealing the actual HTTP status and substatus codes, you could use Failed Request Tracing to understand what's going on with the HTTP request. I hope you find this post helpful.