HTTP 406 Error
Some work I've been doing recently has involved debugging a Mambo installation. The website had developed the curious ability to block the editing of certain articles, but allowed other ones through. These blocked attempts to save articles were resulting in a '406 Not Acceptable' error.
According to the W3 specification, this means:
The resource identified by the request is only capable of generating response entities which have content characteristics not acceptable according to the accept headers sent in the request.
Say what?
After a lot of hair-pulling I tracked the problem down to a few words, such as '<script' and '&', which when included caused the error. This made me very suspicious - why would Mambo only block this HTML code? I explored further by inserting debug code into Mambo and then waited for the result... nothing. Mambo wasn't even being called.
This meant the problem must be before Mambo, and there was only one thing that could be responsible: Apache.
Some Googling later and I found information about an optional Apache module called mod_security. This is a very nice module that acts as an Apache firewall - it blocks a lot of the usual routes that people use to hack websites. In particular it scans POST requests (sent when you 'save' something on a website), and displays a 406 error for anything controversial. Bingo!
The reason I'm documenting these frustrating few hours of my life is in the hope that it may prove useful to someone else. It appears that mod_security, if configured aggressively, can cause a lot of problems and these may manifest themselves in Mambo, WordPress, or any piece of web software.
The solution was very simple. The following lines were added to the .htaccess file to disable mod_security:
<IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>
Naturally you lose any benefits that mod_security might bring, but that's better than a non-functioning website, and you can always ask for the security configuration to be toned down to a more acceptable level.
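What a toned-down configuration could look like, as an added example that is not from the original post or from the mod_security project: the blanket switch-off is shown commented out beside a version that keeps the filter on and stops scanning POST bodies only in the folder where articles are edited. It assumes the same mod_security 1.x directives as above, access to the server or virtual host configuration, and two constructed values: the directory path and the audit log path.

```apache
<IfModule mod_security.c>
    # Blanket fix from the post: all filtering is switched off.
    #   SecFilterEngine Off
    #   SecFilterScanPOST Off

    # Narrower version: keep filtering, including POST bodies, on by default.
    SecFilterEngine On
    SecFilterScanPOST On

    # Record the requests the filter acts on, so a 406 can be traced back
    # to the request that caused it. The log path is an assumption.
    SecAuditEngine RelevantOnly
    SecAuditLog logs/modsec_audit.log

    # Constructed path: the folder that holds the article-editing pages.
    # Only POST body scanning is turned off here; the engine stays on,
    # so the rest of each request to this folder is still filtered.
    <Directory "/var/www/example-site/administrator">
        SecFilterScanPOST Off
    </Directory>
</IfModule>
```

Saving an article containing '<script' or '&' from the editing folder should then go through, while POST requests elsewhere on the site are still scanned.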






Comments (page 1 of 6)
Dec 18, 2005 2:12 pm
Hey, great!
.htaccess in the root and the problem is solved.
Dec 18, 2005 7:10 am
Create one if it doesn't already exist, it's entirely optional.
Dec 18, 2005 5:14 am
Call me stupid, but I can't find a .htaccess file to edit in my joomla installation. Can anyone tell me where it is located?
Dec 13, 2005 11:34 am
Saving the Day...
Thanx my friend... It was very helpful.
I'm using Mambo in some site and since last week my site http://www.marketing-internet.net was showing a 406 error every time I turn On the Search Engine Friendly Mode. Now with your tip everything is right again...
Thanks
Eduardo
Nov 29, 2005 4:11 pm
I'm not sure I understand you fully Omid. If you want to have only a certain folder affected by the htaccess file then you need only place it in that folder, and anything in a higher directory should not be affected.
Nov 29, 2005 1:53 pm
It is good but can do something to modify the htaccess of one folder to fix the problem?
Nov 28, 2005 10:22 am
many thanks,
this also fixed a problem with my cutenews installation (aj-fork 1.67) that really had me baffled. my host (cyberultra.net) has a track record of messing with apache configuration.
again, much appreciated.
lyndon.
Nov 23, 2005 8:20 pm
Finally I have found the answer to this frustrating problem. Thanks........
Nov 20, 2005 9:23 am
Thank You!
Oct 24, 2005 11:25 pm
Just wanted to let you know that this fixed my odd problems with the stat tracker Mint as well - it was throwing up 406 errors in debug mode when viewing articles.
Thanks for the code! Saved my bacon.