In a previous post, you learned how to troubleshoot 401 – Unauthorized: Access is denied due to invalid credentials. In this post, we will cover how to troubleshoot HTTP Error 403.14 – Forbidden in Internet Information Services (IIS).

HTTP Error 403.14 – Forbidden ^

HTTP Error 403.14 Forbidden

HTTP Error 403.14 Forbidden

The HTTP Error 403.14 – Forbidden is displayed when you try to access a website hosted on IIS having detailed errors enabled. As you can see in the screenshot, the error page says The Web server is configured to not list the contents of this directory and also indicates the most likely causes of this error.

If the detailed errors are not enabled, you will see a custom error page with a generic message: 403 –Forbidden: Access is denied.

403 Forbidden Access is denied

403 Forbidden Access is denied

Cause of error ^

As indicated by the detailed error page, there are three likely causes of this error:

  1. Directory browsing is not enabled—Directory browsing is the ability of a web server to list the contents of the website's root directory in a web browser. The following screenshot shows what a website looks like when directory browsing is enabled:
What a website looks like in a browser when directory browsing is enabled

What a website looks like in a browser when directory browsing is enabled

As you can see in the screenshot, directory browsing enables visitors to view files and browse through the directories. The chances are pretty slim that you want your website to look like this.

  1. Default document is not configured—The default document is a file that is served by the web server when the client does not specify a particular file in a uniform resource locator (URL). By default, web server software recognizes file names such as default.htm, default.html, default.aspx, index.html, index.htm, etc. The following screenshot shows a list of default documents supported by IIS:
Viewing the default document for a website in the IIS Manager

Viewing the default document for a website in the IIS Manager

To add a custom default document (e.g., awesomehome.html), click Add and then type the name of the default document. You could even change the order of documents by selecting one and then clicking the Move Up or Move Down options in the Actions pane on the right.

  1. The ASP.NET feature is not installed on the server—The default documents, such as aspx and index.html, only work with websites that use traditional frameworks. With modern frameworks and programming technologies such as MVC, the default pages are defined and handled right inside the application code by the developers. So, if your website is using MVC or a similar technology, you need to install the ASP.NET feature on the server. See how to install ASP.NET on the web server.

Resolving the error ^

We covered the possible causes of this error in the previous section. Now, depending on your scenario, you could try the following steps to fix this error:

Directory browsing is not enabled

If you know that your website should list the contents of the root directory so that visitors can browse the files and folders, you need to enable the Directory Browsing option, using either the IIS Manager or the web.config file.

Enable directory browsing using the IIS Manager

Open the IIS Manager, select your website, and then double-click the Directory Browsing option under IIS in Feature view.

Viewing the directory browsing feature in the IIS Manager

Viewing the directory browsing feature in the IIS Manager

Now click Enable in the Actions pane on the right.

Enabling directory browsing using IIS manager

Enabling directory browsing using IIS manager

Enable directory browsing using the web.config file

If you're using a shared hosting server, you could enable directory browsing using the web.config file itself:

Open the web.config file and paste the following code between the <system.webServer> and </system.webServer> tags:

<directoryBrowse enabled="true" />
Enable directory browsing using the web.config file

Enable directory browsing using the web.config file

Default document is not configured

If your website uses a traditional framework and you see a file with a name such as default.aspx, index.html, or index.php in the website's root directory, make sure the same filename is also available in the list of default documents. You could even ask the developer about the name of the default document for your website. For instance, I know that my website is supposed to use home.html as the default document. Therefore, I will add it either using the IIS Manager or the web.config file. See the following screenshots for reference:

Adding a default document for the website using the IIS Manager

Adding a default document for the website using the IIS Manager

Adding a default document to a website using the web.config file

Adding a default document to a website using the web.config file

ASP.NET is not installed on the server

If neither of the above solutions works, it is likely that your website is using MVC or a similar technology that requires the ASP.NET development feature on the server, and it is not currently installed. This error is common when you try to host an MVC website on a web server for the first time. To install ASP.NET, use the following PowerShell command:

Install-WindowsFeature Web-Asp-Net45 -IncludeAllSubFeature

This command installs ASP.NET 4.5 or higher on the web server, and your MVC website will start working.

If your website is supposed to use a legacy version of ASP.NET (e.g., 3.5 or below), use the following command instead:

Install-WindowsFeature Web-Asp-Net -IncludeAllSubFeature
Installing ASP.NET on a web server using PowerShell

Installing ASP.NET on a web server using PowerShell

Common 403 substatus codes ^

The following table covers some common HTTP 403 substatus codes, along with their possible causes and troubleshooting advice:

Subscribe to 4sysops newsletter!

Status CodePossible CauseTroubleshooting Advice
403.1Execute access is forbiddenThis error indicates that the appropriate level of the execute permission is not granted. To resolve this error, make sure the application pool identity has the execute permission.
403.2Read access is forbiddenThis error indicates that the appropriate level of the read permission is not granted. To resolve this error, make sure the application pool identity has the read permission.
403.3Write access is forbiddenThis error indicates that the appropriate level of the write permission is not granted. To resolve this error, make sure the application pool identity has the write permission.
403.4An SSL connection is requiredThis error indicates that the request was made over a nonsecure HTTP channel but the web application is configured to require an SSL connection.
403.13The client certificate has been revokedThis error indicates that the client browser tried to use a certificate that was revoked by issuing certificate authority.
403.14The directory listing is deniedWe covered how to fix this error above.

Conclusion ^

The key to troubleshooting any IIS-related error is to enable the detailed errors. When the detailed errors aren't helpful in revealing the actual HTTP status and substatus codes, you could use Failed Request Tracing to understand what's going on with the HTTP request. I hope you find this post helpful.

1 Comment
  1. Vignesh Mudliar 2 weeks ago

    Handy tips to troubleshoot this issue. Thank you!

Leave a reply

Your email address will not be published.

*

© 4sysops 2006 - 2022

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account