There are two ways this problem can manifest itself.

1. You have another site in a subdirectory of your main site. Trying to access the subdirectory results in an error.

2. You have a subdomain or add–on domain in your hosting account. Trying to access it you get an error.

In both cases the problem is that the web root of the additional site, subdomain or add–on domain is a subdirectory of your main site.

Your web server applies the .htaccess file settings in a cascading manner. This means that it does NOT just parse the .htaccess file in the directory you are accessing but also the .htaccess files in all parent directories, all the way to the root of the filesystem. Let's give an example. If the URL https://subdomain.example.com is served from the directory /home/example/public_html/subdomain the web server will do the following when accessing this URL:

Since the .htaccess file generated by .htaccess Maker in your main site forbids access to directories not explicitly allowed, access to the directories of your other sites under the main site's root is forbidden and you get a 403 Forbidden error.

Depending on your server's configuration this may additionally result in a 404 error. This happens if your server is set up to use custom error pages but these custom error page files either do not exist or they are otherwise not accessible (e.g. they result in a 403 Forbidden error trying to access them). Your main site will try to handle the 404 error which means that you will see a confusing error message from your main site. Likewise, your main site may try to append a language code in the URL and lead to an endless redirection loop. Despite the different error conditions, the problem is the same: the other site is included in a subdirectory of your main site.

There is a workaround which works in most, but NOT all, cases.

You need to know the subdirectory name where your blocked site. We will assume it's foobar for the purposes of this documentation.

Go to your main site's back-end, Components, Admin Tools for Joomla!, .htaccess Maker. Find the "Allow direct access, including .php files, to these directories" list and enter the name of the directory, e.g. foobar, in a new line. Then click on Save and Create .htaccess.

If you have a PHP–powered site in the subdirectory (e.g. Joomla, WordPress, Drupal, Prestashop, a bespoke PHP application, ...) please remember to create a .htaccess file for that application as well. If it's a Joomla or WordPress site using Admin Tools Professional you may use the .htaccess Maker feature to create the .htaccess file.

Unfortunately, this method may not ALWAYS work. It does not reset the full set of options inherited from the main site's web root (and its parent folders). It is only a partial reset. We have found that in many cases where an AddHandler / SetHandler directive is used with the main site Apache may get confused trying to handle .php files in subdirectories. In other cases some static files such as CSS, images and JavaScript may not load correctly.

If you still have problems following the workaround method you are advised to follow the correct solution described below, creating folders outside and next to your main site's web root.

Recommendation for additional sites on top of your main site

There are many use cases which require using an additional site on top of your main site. For example, you may want to have a development or staging site; a regional site; a related site which cannot be implemented as a section of your main site; a mini-site for marketing purposes etc.

The first instinct people have is to create a subdirectory to host that additional site. This is wrong. Server configuration files such as .htaccess files on Apache and web.config files on Microsoft IIS cascade based on the disk directory structure. This means that you additional site will have the .htaccess or web.config file of the main site applied to it.

The correct way to implement an additional site is using a subdomain or add-on domain. Your hosting control panel will let you select which directory to use as the subdomain's / add-on domain's web root. DO NOT use a folder under your main site since, as we said, the server configuration files cascade. Instead, use a folder next to your main site's folder.

For example, if your main site's root folder is public_html you must NOT create a subdirectory inside it. Instead, create a folder next to it, e.g. named addon_html. Select this folder as your additional site's root. A common convention is to use an abbreviation of your additional site's subdomain / add-on domain name and the suffix _html for naming this directory. For example, if the main site is example.com and we are creating the subdomain staging.example.com to host a staging site we can create a folder named staging_html next to the public_html folder.

Doing that there is no common path between your main and additional sites. As a result the .htaccess or web.config file of the main site will not be applied to the additional site. You will no longer have a problem.

In most cases a change to the web site root can be applied retroactively, i.e. after you have created a subdomain or add-on domain in your hosting control panel. If you are not sure about that, please ask your host. We can't know which hosting control panel software your host uses and how they have configured it but they most definitely do know that; they are in control of their own servers, after all.