PolurNET Communications Support Forums: [FIX] Error 406 - Not Acceptable - PolurNET Communications Support Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

[FIX] Error 406 - Not Acceptable

#1 User is offline   PN-Anand Icon

  • President, Founder, Chief of Operations
  • Icon
  • Group: PolurNET Staff
  • Posts: 1,816
  • Joined: 27-July 05
  • Gender:Male
  • Location:Canada

Posted 03 December 2007 - 08:01 PM

PROBLEM

When attempting to access your website, you get the following message

Quote

Not Acceptable
An appropriate representation of the requested resource xxxx could not be found on this server."


This is due to mod_security or mod_security2 that we have implemented on most of our servers. Fortunately, a fix exists that should be used only for those cases where your website is completely not functional with this message.

SOLUTION

1) If the server you are on runs Apache 1.3.x, place the following code in your public_html .htaccess file:

<!--c1-->
CODE
<!--ec1-->
SecFilterEngine Off
SecFilterScanPOST Off
<!--c2-->
<!--ec2-->

2) If the server you are on runs Apache 2.2.x, place the following code in your public_html .htaccess file:

SecRuleEngine Off


NOTES

- Should only be applied when receiving the above-mentioned 406 Error. In other cases, mod_security will protect your website from many vulnerabilities.
- Disabling mod_security above will expose your site to vulnerabilities and possibly hack attempts. We are not responsible for any misuse of this information.


EDIT:

This method turns out to not be working. Instead, the only way to bypass mod_security2 in Apache 2 is to manually edit httpd.conf. However, as cPanel autogenerates this, one must directly edit the httpd template files that cPanel uses to generate the httpd.conf. Namely, in /var/cpanel/templates/apache2/vhost.default

Add the following line before the closing tag

Quote

[% IF vhost.servername == 'domain.com' || vhost.servername == 'domain2.com' -%]
## ADDED BY POLURNET TO BYPASS MOD_SECURITY2 FOR SPECIFIC DOMAINS

SecRuleEngine Off

[% END -%]


After adding this, you must also remember to re-generate the template (run /usr/local/cpanel/bin/build_apache_conf) and restart Apache/httpd, otherwise changes won't take effect.

This feature needs root access, thus can only be requested on our helpdesk for shared/reseller hosting customers, if your site does not work with mod_security enabled; or if you have a VPS/dedicated server, you can do so yourself.
Anand A.
President, Founder, Chief of Operations
PolurNET Communications
anand @ polurnet.com
0

#2 User is offline   PN-Anand Icon

  • President, Founder, Chief of Operations
  • Icon
  • Group: PolurNET Staff
  • Posts: 1,816
  • Joined: 27-July 05
  • Gender:Male
  • Location:Canada

Posted 18 January 2009 - 09:20 AM

Many users have reported issues accessing PHPMyAdmin when mod_security is enabled (causing their firewall IPs to be blocked). Adding the following exclusion code for the server hostname will help resolve the problem:

#Allow phpmyadmin to work with mod_security setups
<IfModule mod_security2.c>
<LocationMatch "/tbl_change.php">
SecRuleRemoveById 950006
</LocationMatch>

<LocationMatch "/sql.php">
SecRuleRemoveById 950006
</LocationMatch>
</IfModule>

Anand A.
President, Founder, Chief of Operations
PolurNET Communications
anand @ polurnet.com
0
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users