Redirected to InfinityFree 403 Forbidden page

Getting a 403 error means the server is refusing to show your webpage. Here are the most common causes and how to fix them:

1. Website Files Are in the Wrong Location

The Issue: Your domain might be pointing to an empty or non-existent folder.

How to Check:

  1. Log into your InfinityFree client area
  2. Go to Accounts → [Select your account] → Domains → [Find your domain] → Manage
  3. Find the Directory Status card, and look at the Directory displayed there

Understanding the folder structure:

  • Your first domain uses the htdocs folder
  • Additional domains get their own folders (e.g., example.com/htdocs)
  • If you delete and re-add your original domain, it will be treated as an additional domain and get a new folder

How to Fix: Upload your website files to the exact folder shown in your client area. If the folder is empty or missing, that’s why you’re seeing the 403 error.

2. Missing Index File

The Issue: When someone visits your site (like http://example.com/ or http://example.com/blog/), the server looks for a default file to display. If it can’t find one, you get a 403 error.

What the server looks for:
The server searches for these files in this exact order:

  1. index.php
  2. index.html
  3. index.htm
  4. index2.html

Important notes:

  • File names are case-sensitive - Index.php or index.HTML won’t work
  • The server only looks in the specific folder being accessed, not subfolders

How to Fix (choose one):

Option 1 (Recommended): Create an index file

  • Add an index.html or index.php file to your main folder
  • This file will be shown when people visit your site

Option 2: Show a file listing

  • Create a file called .htaccess in the folder
  • Add this line: Options +Indexes
  • Visitors will see a list of files instead of your webpage

Option 3: Set a custom default file

  • Create a file called .htaccess in the folder
  • Add this line: DirectoryIndex yourfile.html index.php index.html index.htm
  • Replace yourfile.html with your actual filename

3. Blocked Keywords in Your URL

The Issue: Certain keywords in your URL are automatically blocked by InfinityFree.

Blocked keywords and why:

“chat” - Live chat scripts constantly refresh pages, creating excessive server load

  • Examples: chat.php, /livechat/, /support/chat/

“includes” - This folder typically contains scripts meant to be loaded by other PHP files, not accessed directly by browsers (security measure)

  • Examples: /includes/functions.php, /includes/config.php

How to Fix:
Rename your files or folders to something else:

  • For chat: talk, messages, contact, support
  • For includes: pages, functions, scripts.

Important: Even if you rename chat-related files, hosting live chat scripts is still prohibited.

4. Your IP Address Is Blocked

The Issue: Your website’s .htaccess file might be blocking your own IP address.

How to Check:

  1. Access your website files via file manager or FTP
  2. Look for a file named .htaccess in your website folder
  3. Open the file and look for lines starting with deny from or allow from

How to Fix:

If you don’t want IP restrictions:

  • Remove all lines starting with deny from or allow from

If you see allow from all:

  • Look for lines like deny from [your IP address] and delete them

If you see deny from all:

  • Add a new line: allow from [your IP address]
  • You can find your IP address by searching “what is my IP” in Google

Still having trouble? Double-check that your files are in the exact folder path shown in your InfinityFree client area under Domains. Most 403 errors are caused by files being in the wrong location.

4 Likes

I should ask to clarify, and I hope that other people have this question as well to prevent my question from being self-centered:

Why do you block folders containing the words include/require? Is this for the safety regarding people who do not understand this principle well (the principle of include/require), preventing them from accidentally harming their website?

Or is there another reason behind blocking these folders that might otherwise cause problems to people or their website (or Infinityfree)?

3 Likes

Good question, but one I omitted for a reason.

The reason is that I didn’t block these URLs, but iFastNet did. And I don’t know for sure when or why they did this.

My guess, based on my experience with iFastNet and how they approach things, is that there was a security problem in some popular script or CMS which placed some shared code in the includes folder, which had security problems if these scripts were accessed directly. Like exposing sensitive data, or be used for spam. And to prevent this from being abused, the decision was made to block access to the files and folders that enabled these attacks.

But I didn’t include it in the article because it’s completely unverified.

4 Likes

You may also want to add that errors folder is also prohibited.

The “errors” folder does not lead to a 403 error though, so it does not belong in this article.

5 Likes

A post was split to a new topic: Verifying website on Yandex and Firefox leads to error 403

I just noticed that the block on files within the ‘includes’ folder is not working, or at least not how I expected it to work.

The includes folder
For security reasons, all files in a folder includes are blocked

I have a folder named includes in the htdocs folder. If I try to accesss the folder itself by typing devnotes.rf.gd/includes the server responds with a 403 forbidden message which is what I expected, however, if I type devnotes.rf.gd/includes/footer.php the browser renders:

page footer © Fishbite

FYI, the content of the footer.php file is simply:

    <footer><p>page footer &copy; Fishbite <?= $year ?></p></footer>
</body>
</html>

I expected to see the a 403 forbidden message again when I tried to access this footer.php file directly, or am I misunderstanding something?

1 Like

That is intentional. “includes” is a reserved system name.

2 Likes

I don’t think that is what they meant. Fishbite understands that accessing inside of the “includes” directory directly through the browser leads to a 403 Forbidden error (or at least should):

However, they see

Instead of a 403 Forbidden. And oddly enough, I see it too:


I tested it on my website, and sure enough, I got the same result:

5 Likes

Interesting finding indeed! Directly accessing devnotes.rf.gd/includes is expected if the directory doesn’t have an index file, which I assume it doesn’t have. But accessing any files in that directory used to not work.

It’s entirely possible that this was changed somehow. Maybe because the filters broke, maybe because they were no longer deemed relevant, or maybe because they have been tightened to only block specific paths within the includes folder to prevent issues to legitimate use cases.

Time will tell if we’ll ever get any support requests where this might play up.


And for people who were relying on the includes folder blocking direct access to their files, you can still replicate the old behavior by going to the includes directory, create a new file with the name .htaccess, and put the line Require all denied in it.

6 Likes