HTTP 406 Error
Some work I've been doing recently has involved debugging a Mambo installation. The website had developed the curious ability to block the editing of certain articles, but allowed other ones through. These blocked attempts to save articles were resulting in a '406 Not Acceptable' error.
According to the W3 specification, this means:
The resource identified by the request is only capable of generating response entities which have content characteristics not acceptable according to the accept headers sent in the request.
Say what?
After a lot of hair-pulling I tracked the problem down to a few words, such as '<script' and '&', which when included caused the error. This made me very suspicious - why would Mambo only block this HTML code? I explored further by inserting debug code into Mambo and then waited for the result... nothing. Mambo wasn't even being called.
This meant the problem must be before Mambo, and there was only one thing that could be responsible: Apache.
Some Googling later and I found information about an optional Apache module called mod_security. This is a very nice module that acts as an Apache firewall - it blocks a lot of the usual routes that people use to hack websites. In particular it scans POST requests (sent when you 'save' something on a website'), and displays a 406 error for anything controversial. Bingo!
The reason I'm documenting these frustrating few hours of my life is in the hope that it may prove useful to someone else. It appears that mod_security, if configured aggressively, can cause a lot of problems and these may manifest themselves in Mambo, WordPress, or any piece of web software.
The solution was very simple. The following lines were added to the .htaccess file to disable mod_security:
<IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule>
Naturally you loose any benefits that mod_security might bring, but that's better than a non-functioning website, and you can always ask for the security configuration to be toned down to a more acceptable level.
Comments (page 4 of 6)
Nov 20, 2007 7:43 pm
I have to thank you, i've had this problem for a week now and after reading this it's fixed.
Thanks
Oct 23, 2007 4:10 pm
Moved to a new host and was presented with all kinds of stuff that didn't work anymore, including this 406 error while posting stuff. Glad I found your solution. Works for me!!
Thanks!
Oct 19, 2007 7:51 pm
ho there,
i am experience the 406 problem, modifying the htaccess file didnĀ“t work.
what can it be?
The error occurs when users want to save their image in communitybuilder.
many thanks.
M
Sep 14, 2007 10:53 am
I moved a site to a new server and got this error when running a simple script.
While waiting for support to help, I found your solution and it did the trick.
Thanks.
Sep 9, 2007 10:45 pm
thanks a lot man! i've encountered this problem uploading a long post from blogdesk to wordpress. short post will pass with no problem but the long post always had this error. your detailed solution saved my day! this post rocks!
Sep 5, 2007 11:56 am
This is great. I get my head of before this article.
And after it, a get admins head of
Tnx again dude
Aug 3, 2007 1:13 am
Thanks, this helped me.
Jul 19, 2007 11:30 am
My forms were getting 406 error messages after my host upgraded the CPanel.
After a whole day of tearing my hair out trying to fix this, your solution worked the first time I ran it.
THANKS!
Jun 6, 2007 10:22 pm
Saved my bacon! This is exactly what I needed to add google analytics to my Wordpress Blog. Brilliant! Thank you for sharing with us.
May 27, 2007 1:56 pm
thanks a lot man, you have help me a lot!
Leave a comment