One of my senior named Shashank Shekhar Mishra ( CS Deptt.) has his own blog website named Loony Goonie. Now, he has provided feeds for his website on social networking websites like Facebook, Twitter etc. But the main problem is that whenever someone tries the link for the blog, a message saying HTTP 403 Forbidden Error displays.
This blog is regarding this very problem.
Now, what exactly is this 403 Forbidden Error?
First we must understand what how data transfer takes place when you surf on the internet! Well the web browser is actually an application that places your request to the Web server(running the Web site) with the help of router, the Web server then searches your connection(whether it is secured or not), then the request is sent to the main server to which you are actually connected. It then selects your required item from a vast pool of data(that can be anything i.e. from images to text; from mp3 to video or from flash presentations to huge .exe files) by the popular searching techniques. Now it puts this item on your router that finally serves your purpose.
Now that you have a layman's idea about how information transfer takes place on the internet, so let us finally understand why this error message is displayed sometimes.
- The Web server (running the Web site) thinks that the HTTP data stream sent by the client (e.g. your Web browser or our CheckUpDown bot) was correct, but access to the resource identified by the URL is forbidden for some reason.
- This indicates a fundamental access problem, which may be difficult to resolve because the HTTP protocol allows the Web server to give this response without providing any reason at all. So the 403 error is equivalent to a blanket 'NO' by the Web server - with no further discussion allowed.
- By far the most common reason for this error is that directory browsing is forbidden for the Web site. Most Web sites want you to navigate using the URLs in the Web pages for that site. They do not often allow you to browse the file directory structure of the site. For example try the following URL (then hit the 'Back' button in your browser to return to this page):
- This URL should fail with a 403 error saying "Forbidden: You don't have permission to access /accounts/grpb/B1394343/ on this server". This is because the CheckUpDown Web site deliberately does not want you to browse directories - you have to navigate from one specific Web page to another using the hyperlinks in those Web pages. This is true for most Web sites on the Internet - their Web server has "Allow directory browsing" set OFF.
- One very simple possible reason for this problem can be the "Bounce Value" of the page. A higher Bounce Value can cause this problem. But this is not the exhaustive reason of this problem.
Any client (e.g. your Web browser or our CheckUpDown bot goes through the following cycle:
You first need to confirm whether you have encountered a "No directory browsing" problem. You can see this if the URL ends in a slash '/' rather than the name of a specific Web page (e.g. .htm or .html). If this is your problem, then you have no option but to access individual Web pages for that Web site directly.
- Obtain an IP address from the IP name of the site (the site URL without the leading 'http://'). This lookup (conversion of IP name to IP address) is provided by domain name servers (DNSs).
- Open an IP socket connection to that IP address.
- Write an HTTP data stream through that socket.
- Receive an HTTP data stream back from the Web server in response. This data stream contains status codes whose values are determined by the HTTP protocol. Parse this data stream for status codes and other useful information.
It is possible that there should be some content in the directory, but there is none there yet. For example if your ISP(Internet Service Provider) offers a 'Home Page' then you need to provide some content - usually HTML files - for the Home Page directory that your ISP assigns to you. Until the content is there, anyone trying to access your Home Page could encounter a 403 error. The solution is to upload the missing content - directly yourself or by providing it to your ISP. Once the content is in the directory, it also needs to be authorized for public access via the Internet. Your ISP should do this as a matter of course - if they do not, then they have missed a not-very-intelligent step. - If the entire Web site is actually secured in some way (is not open at all to casual Internet users), then an 401 - Not authorized message could be expected. It is possible, but unlikely, that the Web server issues an 403 message instead.
Some Web servers may also issue an 403 error if they at one time hosted the site, but now no longer do so and can not or will not provide a redirection to a new URL. In this case it is not unusual for the 403 error to be returned instead of a more helpful error. So if you have recently changed any aspect of the Web site setup (e.g. switched ISPs), then a 403 message is a possibility. Obviously this message should disappear in time - typically within a week or two - as the Internet catches up with whatever change you have made.
If you think that the Web URL *should* be accessible to all and sundry on the Internet and you have not recently changed anything fundamental in the Web site setup, then an 403 message indicates a deeper problem. The first thing you can do is check the URL via a Web browser. This browser should be running on a computer to which you have never previously identified yourself in any way, and you should avoid authentication (passwords etc.) that you have used previously. Ideally all this should be done over a completely different Internet connection to any you have used before (e.g. a different ISP dial-up connection). In short, you are trying to get the same behaviour a total stranger would get if they surfed the Internet to the Web page URL.
If this type of browser check indicates no authority problems, then it is possible that the Web server (or surrounding systems) have been configured to disallow certain patterns of HTTP traffic. In other words, HTTP communication from a well-known Web browser is allowed, but automated communication from other systems is rejected with an 403 error code. This is unusual, but may indicate a very defensive security policy around the Web server.
I think that this should serve the purpose.
So I am off now! See you guys in the next blog!
Regards
Courtesy: http://www.checkupdown.com/default.html
No comments:
Post a Comment