This guide explains what you need to determine as a website visitor if you get a type 403 errorin order to solve this problem.

What is error 403?

HTTP error code 403 usually means that access to a resource is denied to the client by the server.

In what case does this error occur?

The user is not authenticatedThe server requires the user to identify to access the resource. This may be the case for private pages requiring authentication, for example.

The user is authenticated but does not have the necessary permissionsThe server recognizes the user but does not allow access to the requested resource due to permission or role restrictions. This cause of error 403 may be an incorrect permission problem, on a folder or file. For a folder, the error message is of type "403 Forbidden", for a file, "failed to open stream: Permission denied". In this case you must check that the permissions of your folders / files are correct, i.e. minimum 644 for a file and 755 for a folder. Read more

The user's IP address is blocked or restricted: the server can block access to a specific IP address for security reasons, protection against attacks... Read more

The requested resource does not exist on the serverIn this case, the server returns an error 403 rather than an error 404 to avoid the disclosure of confidential information. If you are trying to simply access your home page or part of your site, indicating a type address www.domaine.xyz or www.domaine.xyz/dossier/ Make sure there is a home page named "index.html or .htm or .php" placed in the right place (at the root of your FTP space, in the /web directory, or in the /folder/ directory). Read more

In addition, make sure that there is no uppercase in the file name, all file names or folders present must be in lowercase, without accent or space.

Script errorIf you are running a script, filling out a form, loading a file online and you get this type of message:

Accès interdit!
Vous n'avez pas le droit d'accéder à l'objet demandé.
Soit celui-ci est protégé, soit il ne peut être lu par le serveur.
Si vous pensez qu'il s'agit d'une erreur du serveur, veuillez contacter le gestionnaire du site.
Error 403

the cause can be a filter that prevents unwanted use of scripts by spammers. Indeed, the Infomaniak Antivirus blocks uploading files via scripts or via FTP. This means that when a hacker sends a file identified as a virus via a form, an unsecured script or via FTP, its installation is directly blocked, the file is not uploaded to the server and the upload generates an error 403.

In case of false positives,contact Infomaniak support by giving the URL of the page where you encounter this error message in order to accurately diagnose the origin of the problem.

There are however many other cases among which you could get a message "403 forbidden" and for very different reasons ( PHP, perl, mod_security, .htaccess, ...).

This guide is for you if you encounter a 500 error that may have various causes generally related to the development of your site on a Web Hosting, particularly with the rewrites in your .htaccess files.

Preamble

• Apache2, in place on the servers, no longer supports certain modules such as mod_auth_anon, mod_auth_dbm, mod_authz_dbm, mod_cern_meta, mod_imap, mod_imagemap, mod_mime_magic
• Apache2 is strict about syntax errors and when it encounters syntax errors in a .htaccess file, this can result in 500 Internal Server Error errors or unexpected URL rewrite errors
   

Examples of syntaxes and correction

In this first example, the syntax error is that the rewrite rule does not specify the HTTP redirection response code to return.

RewriteRule ^articles/([0-9]+)/$ /article.php?id=$1 [L]

The correction adds the directive R=301 to specify that the redirection should return a 301 (permanent) code:

RewriteRule ^articles/([0-9]+)/$ /article.php?id=$1 [L,R=301]

In this second example, the syntax error is that the Options directive does not correctly specify the options to enable or disable.

Options -Indexes FollowSymLinks

The correction adds the sign "+" to specify that FollowSymLinks should be enabled rather than disabled:

Options -Indexes +FollowSymLinks

Fix these errors

• If the first page or another page displays a 500 error, rename the .htaccess file or comment out all lines with # and uncomment line by line until you find the problematic section.
• If the error occurs after a modification made to one of your pages, the simplest solution is to restore the previous version of the file.

This guide explains how disable or set PSTS for a website.

Preamble

• When PSTS is activated for a website, the server tells the visitor of the site (if its web browser is compatible) to replace all unsecured links with secure links.
• Example: http://www.exemple.com/une/page/ is automatically replaced by https://www.exemple.com/une/page/.
• After having activated an SSL certificate on a website, the HSTS is configured as follows: max-age=16000000.

Disable HSTS...

... with a CMS (WordPress, Joomla, etc.)

Include in all pages generated by CMS the following line:

header( 'Strict-Transport-Security: max-age=0;' );

For WordPress, it is e.g. possible to add this directive to the file functions.php of your theme:

add_action( 'send_headers', 'add_header_xua' );
function add_header_xua() {
header( 'Strict-Transport-Security: max-age=0;' );
}

More details on WordPress

... with a PHP site

Include the following line in all php pages:

header( 'Strict-Transport-Security: max-age=0;' );

To do this without having to modify each php page of a site, it is possible to use the directive auto_prepend_file in the file .user.ini of the site concerned:

auto_prepend_file=/home/clients/xxxx/web/hsts_disable.php

... with the file hsts_disable.php the following:

header( 'Strict-Transport-Security: max-age=0;' );

... with a site with static content (no PHP)

Include this header in a file.htaccess:

# BEGIN DISABLE HSTS
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=0; includeSubDomains;"
</IfModule>
# END DISABLE HSTS

Customize the HSTS

header( 'Strict-Transport-Security: max-age=X; includeSubdomains; preload' );

includeSubDomains; is enabled by default and as its name indicates it will include subdomains in the "Strict Transport Security".

When the visitor goes to an unsecured subdomain, the browser will redirect to HTTPS automatically and cause a security error.

If this behavior is not desired, this header should be removed.

Clear the browser's HSTS cache

To this end:

1. In Chrome, typechromium://net-internals/#hsts
2. Enter the domain name in the text field of the "Delete domain security policies" section.
3. Click on the button Delete.
4. Enter the domain name in the text field of the "Query HSTS" section.
5. Click the Query button.
6. The answer must be "Not found" (not found).

1. With Safari, start by closing the browser.
2. Clear File~/Library/Cookies/HSTS.plist.
3. Open Safari.

1. With Firefox, close all tabs.
2. Open the Firefox menu and click History / Show History.
3. Look for the page from which you want to remove the HSTS preferences.
4. Right-click on one of the corresponding entries.
5. Choose Forget this site.

This guide explains how to install a free SSL certificate Let's Encrypt on a website hosted by Infomaniak.

Preamble

• Once the certificate is installed, your website will be accessible in http and https …
  • If necessary automatically redirect all your visitors to the secure https site.
• If you wish to include an alias domain name recently added to your site that already had a certificate, you must update.
• For multiple subdomains, read more about this other guide.
• Let's Encrypt limits the installation of certificates To:
  • 100 subdomains
  • 20 certificates for 7 days per registered domain
  • 5 unsuccessful requests per account per host name per hour

Install a free SSL certificate on a site

Prerequisites

• For installation to be possible, domain name DNS must be correctly configured to point to the site in question.
• If a change has just been made at this level, some operations may not be functioning immediately.

To access websites to install an SSL certificate:

1. Click here in order to access the management of your product on the Manager Infomaniak (Need help?).
2. Click directly on the nameallocated to the product concerned:
   
3. Click on Configure under SSL certificate:
   
4. Click on the button Install a certificate:
   
5. Choose the free certificate.
6. Click on the button Next:
   
7. Check or select the relevant domains.
8. Click on the button Install:
   
9. Wait until the certificate is obtained on the site.

Be aware of this other guide if you encounter SSL errors.

This guide explains what a web host like Infomaniak is and what its role is. For example, can the technical support help with the design of a website or fix a bug that appeared on a user's computer?

Infomaniak, web host since 1996

According to Wikipedia, a web host is a company that provides Internet hosting for various and varied computer systems to people or entities who do not wish to do so by their own means.

Infomaniak is also…

• … decades of experience: it is a recognized player worldwide in hosting & online solutions, which loves what it does and wants to offer high-end solutions at affordable prices by continuously improving its services according to market trends and customer needs
• … more than a million users in Switzerland and Europe; CHF 36.5 M in revenue in 2022 (22.43% growth in German-speaking Switzerland compared to 2021)
• … a company certified ISO 27001, ISO 9001, ISO 14001, ISO 50001... is committed 100% to sustainable and responsible development with concrete actions, such as creating the most ecological datacenter in Switzerland; it compensates for the CO2 emissions generated by its activities and the energy used is renewable
• … 100% Swiss-made technological expertise: all customer data is hosted on servers in Switzerland that belong to Infomaniak; its solutions are systematically developed and maintained by hundreds of collaborators based in Geneva and Winterthur
• … more than 1,000 articles and videos; the knowledge base allows customers to find an immediate answer to the vast majority of questions and it is possible at any time to contact Infomaniak support

Infomaniak's responsibilities and limits of intervention

As a Web and Mail host, Infomaniak's main activities consist of installing, securing and keeping servers up to date to protect them from malicious attacks.

Infomaniak also ensures that its Web interfaces (Manager) and infrastructures are constantly evolving based on customer feedback, the latest technologies, and market needs. Finally, Infomaniak is also there to guide its customers through the various steps of service use.

However, Infomaniak does not intervene in the content of the servers or the development of websites. Indeed, the creation or maintenance of a site is a different job; Infomaniak employs webmasters and developers for its own site, its own applications & tools.

Technical Support Limitations

In particular, the technical support department will not be able to help you with…

• … solve issues related to site development (Fatal Error, etc.) or its updates
• … implement the solutions (e.g Hello, I want you to help me set up my entire Swiss Backup", “migrate my site")
• … manually install WordPress
• … take control of your computer remotely with TeamViewer or similar
  etc.

but he can assist you with…

• … solve issues related to the infrastructure or to Manager
• … clarify certain processes
  etc.

A Premium assistance is available to handle more demanding and recurring requests that require additional time and resources from the collaborators to assist you optimally.

Also discover the migration service from Infomaniak.

Find help from a webmaster

For external help related to the content of your site or the organization of your mailboxes, you can contact one of Infomaniak's partners.

Make a call for tender

The Infomaniak tender platform lists more than 1000 verified companies in Switzerland, France, Belgium, Italy and Spain. It is the fastest way to find a webmaster, a UX designer, an IT technician, a web agency or a communication and marketing agency near you; or browse the directory.

The BIMI standard (Brand Indicators for Message Identification, brand indicators for message identificationoffers companies the possibility to incorporate their logo into sent emails.

Preamble

• The Infomaniak applications (and other companies around the globe - read the chapter in case of issue below) are compatible with BIMI and will display the logos next to the received emails.
• Infomaniak Mail Services allow you to configure your email with your logo (be sure to read the prerequisites); the benefits are numerous:
  • increased trust: recipients can visually identify your emails, thus reducing the risk of phishing.
  • brand reinforcement: a clearly visible logo in inboxes enhances brand recognition.
  • better deliverability: emails compliant with DMARC have a higher chance of reaching the main inbox.

1. Create a logo

Create a logo in SVG (Scalable Vector Graphics) format. This format is required as it ensures optimal quality regardless of the device or display size.

To be imported into the Infomaniak interface (see below), it must not exceed 10 MB, but it can also be hosted on a publicly accessible secure server and you will simply need to provide its URL for the BIMI DNS record.

2. Obtain the VMC certificate

A verified logo certification (VMC) is required; it certifies that you are the legitimate owner of the logo. You can obtain this certification from recognized certification authorities such as DigiCert and Entrust.

When your VMC certificate is issued, you receive a PEM file containing the entity certificate. This PEM file includes your SVG format logo as well as the VMC.

3. Add the logo to Service Mail

Prerequisites

• All the indicators for Global Security of your Mail Service must be green (SPF + DKIM + DMARC)!

To access the Service Mail and set your company's logo:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the product in question.
3. Click on Global Security in the left sidebar.
4. Click on the Create button (in the BIMI section):
   
5. Fill in the requested information based on the received documents (see chapter 2 above) and do not forget to save.

In case of trouble

• If the Create button in the BIMI box remains grey, make sure to check the informative messages: DMARC may exist but may not be at the required rejection percentage, so adjust the parameters according to the indications.
• When there are multiple domains linked to the Service Mail, you must ensure that you have a certificate for each linked domain if you want BIMI on them.
• Note that Microsoft Outlook, Apple Mail, Thunderbird, the Mail app from Samsung, among others, have not yet adopted BIMI.

Disable BIMI

To disable BIMI, simply go to the domain name management page linked to the Service Mail and delete the corresponding TXT record.

This guide explains how to order a DNS zone from Infomaniak.

Preamble

• Having the DNS zone at Infomaniak is useful if your domain name is registered elsewhere (third-party provider/registrar) and you want to easily link this domain with Infomaniak products.
• Indeed, it is not enough to have a site domain.xyz at Infomaniak and to indicate the 2 DNS addresses of Infomaniak at the registrar of the domain name (if it is not Infomaniak) for the site to display when you type domain.xyz in a browser.
• You must add a DNS zone in the same place as the hosting to make the site work easily.
• This will also be particularly useful if the provider managing your domain name does not offer DNS zone management.
   

Order a DNS zone

To do this:

1. Click here to access the Shop Infomaniak.
2. Start a search with the name of the domain registered elsewhere.
3. Click on the action menu ⋮ located to the right of the result obtained.
4. Select Order a DNS zone:
   
5. Complete the purchase.
6. Once added to your Manager, the zone can be edited.

This guide explains add a new domain name to a website Infomaniak.

Preamble

• When you add a new domain name to a website, we talk about related area but also of aliases.
• An alias domain in this case is an additional domain name, also linked to an existing site.
  • To make the website domain.xyz be reachable with a whole other domain name like private.abc e.g., add private.abc as the alias of the website.
  • Second example, so that the site domain.xyz can also be reached with www. domain.xyz, it must be added as an alias to the domain domain.xyz In this example, domain.xyz is the parent site of the alias www.domain.xyz In general, the alias www is already added automatically and now...

Add an alias to an existing site

Prerequisites

• If the domain name (intended to become alias) or its DNS area is managed by Infomaniak, everything is OK. If not:
  • Domain name registration A must point to Infomaniak.
  • To simplify, you canentrusting the management of the domain to Infomaniak.
• It is also necessary that the future alias is not already so, in which case it will have to be the disconnect from the current site in advance (i.e. synonym).

To add an additional domain that will be linked to your website:

1. Click here in order to access the management of your product on the Manager Infomaniak (Need help?).
2. Click directly on the nameallocated to the product concerned:
   
3. Then click on the chevron ‍ to develop the game Areas of this site.
4. Click on the button Add Domain:
   
5. Enter the domain name(s) to be added, separating them by the key Enter.
6. If the alias or its DNS area is managed by Infomaniak, it is possible to automatically update DNS entries In the opposite case, make any changes to your registrar or transfer domain name management to Infomaniak.
7. If you have an SSL certificate like Let's Encrypt e.g. you can ask the update here to include the new names.
8. Click on Validate to complete the procedure:
   

To define the alias as the main domain, take note of this other guide.

This guide suggests solutions to common problems and common errors that may arise when you try to display your website in https after having activated an SSL certificate.

The web browser automatically displays the http version of the site when you try to access it in https

The following actions are recommended:

• Empty the cache from your apps or from your site.
• Check that the Pages and scripts site do not contain redirects on version http of the site.
• Check that the file .htaccess site does not contain redirects on version http of the site.
• Set address https the site as default:
  • with WordPress Infomaniak
  • for the other cases

The website is displayed badly (missing images, style sheets not supported, etc.) or displays a warning in the address bar

The following actions are recommended:

• Empty the cache from your apps or from your site.
• Check that the Pages and scripts do not point to external resources http ; the sitewhynopadlock.com can help you identify the unsecured elements of your site.

"This web page presents a redirect loop", "ERR_TOO_MANY_REDIRECTS"

If your web browser displays this error, it is recommended that you do the following:

• If the site works with a web application like WordPress or Joomla, disable extensions one by one to identify the one that poses a problem
• Check that the Pages and scripts site does not contain redirections on the http version of the site
• Try to disable PSTS
• If Prestashop is used, you need to enable SSL on all pages:
  1. Add your SSL domain:
     • Go in. Preferences > SEO & URLs.
     • In the "URL" section of the shop, enter the address of your site in the "SSL Domain" field (without the https://, just www.votresite.tld).
  2. Enable SSL:
     • Go in. Preferences > General parameters.
     • At the top of the page, click on "Click here to use the HTTPS protocol before enabling SSL mode."
     • A new page will open with your site in secure HTTPS version.
  3. Force the use of SSL on the entire site:
     • Come back in Preferences > General parameters.
     • Put the option "Enable SSL" on YES.
     • Also put "Forcing the use of SSL for all pages" on YES.

An old SSL certificate appears - empty SSL cache

Web browsers cache SSL certificates to speed up navigation. Normally, it's not a problem. However, when you develop pages for your website or install a new certificate, the SSL status of the browser may hinder you. P.ex you may not see the lock icon in the browser address bar after installing a new SSL certificate.

The first thing to do in this case is to make sure that the domain points well to the IP address of the server (records A and AAAA) and if it is still the wrong SSL certificate that is returned, empty the SSL cache:

• Chrome: go to Settings and click on Parameters Click on Show Advanced Settings Under Network, click on Edit proxy settings The dialog box Internet Properties is displayed. Click on the tab Content Click on Clear SSL status, then click OK. Other leads in this other guide.
• Firefox: go to Background Click on Clear Recent History then select Active connections and click on Clear Now.

Loss of CSS formatting

If the website is displayed without CSS style, analyze the loading of pages with the Browser Console. Mixed content errors related to your styles .css, it may be there, which will have to be resolved in order for them to be reloaded correctly.

This guide explains how redirect to a secure https (SSL) version all visitors of a site on Web hosting Infomaniak.

Preamble

• This redirection is normally automatic with a standard configuration and installation.
• For additional assistance contact a partner or launch a call for tenders free of charge — discover also the role of the host.

Manual redirection by .htaccess file

Prerequisites

• Have a valid and functional SSL certificate for the Infomaniak website.

Then change or add the next 3 lines to the file .htaccess the website concerned so that all its visitors can automatically access its secure https version:

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://domain.xyz/$1 [R=301,L]

Replace the second line of the above code by RewriteCond %{HTTP:X-Forwarded-Proto} !https in case of a problem.

With CMS

Most web applications like WordPress and Joomla have extensions/plugins that automatically redirect visitors from a site to its secure https version.

WordPress

If you use a content management system (CMS) like WordPress to realize your site, we advise you to install an extension to do this redirection:

1. Save the files and database of the site as a precaution.
2. Install the extension Really Simple SSL or similar from the console WordPress and activate it.
3. Visitors are now automatically redirected to the version https of the site.

Joomla

1. Find the line

   var $live_site ='';

   in the Joomla configuration file (configuration.php) on the server.

2. Replace by

   var $live_site = 'https://www.domain.xyz';

3. Add three lines to your file .htaccess on the server:

   RewriteEngine On
   RewriteCond %{HTTPS} OFF
   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

4. Open the Joomla administration panel in " System - Configuration".
5. Click on the tab "Server" and under "Forcing SSL" choose "Administration and site".
6. Save and visitors will now be automatically redirected to the version https of the site.

Prestashop

1. Access the General parameters in Prestashop's back office, to enable SSL:
   1. < v1.7 click on "Preferences" then on "General"
   2. > v1.7 click on "Shop Settings" then on "General"
2. Activate the toggle switch button "Activate SSL" on "YES"
3. Click on "Save"
4. At the same location, activate the toggle switch "Activate SSL on the whole site" on "YES".
5. Click on "Save".

In the event that a security lock does not appear in the browser or a warning is displayed, you should look at the template or modules side because sometimes they are not fully SSL compatible. Your Prestashop will then load elements (images, .css or .js files, fonts, etc.) into "http" while these should now be loaded into "https".

Drupal

Be aware of this Article (in English) which explains how to pass a Drupal site from https.

Alternatives

In your file .htaccess, to force the URL of the site to be https:// but without www :

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www. [NC]
RewriteRule (.*) https://domain.xyz/$1 [R=301,L]

In the case of a redirect loop, adjust the above code by:

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https [OR]
RewriteCond %{HTTP_HOST} ^www. [NC]
RewriteRule (.*) https://domain.xyz/$1 [R=301,L]

In your file .htaccess, to force redirection with www

with subdomains:

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteRule (.*) https://www.domain.xyz/$1 [R=301,L]

In the case of a redirect loop, adjust the above code by:

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https [OR]
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteRule (.*) https://www.domain.xyz/$1 [R=301,L]

and without sub-domains:

RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^domain.xyz [NC]
RewriteRule (.*) https://www.domain.xyz/$1 [R=301,L]

In the case of a redirect loop, adjust the above code by:

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https [OR]
RewriteCond %{HTTP_HOST} ^domain.xyz [NC]
RewriteRule (.*) https://www.domain.xyz/$1 [R=301,L]

Common errors due to https redirection

To solve common problems that may arise following a redirection of your website on its secure https version, read this other guide.