Access denied with code 406 (phase 2)
Hello
in the mod security i have this error on the same site every min so i can't read the reset of the mod log
this the error i hope you can help me
Access denied with code 406 (phase 2). Pattern match "Windows-Update-Agent" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "247"]
Last edited by Ammar AbuQoura; 08-22-2012 at 09:36 AM.
Re: Access denied with code 406 (phase 2)
Has this file been customized?[file "/usr/local/apache/conf/modsec2.user.conf"] [line "247"]
Re: Access denied with code 406 (phase 2)
as i know no it's not customized but i'm not sure
Re: Access denied with code 406 (phase 2)
That file (modsec2.user.conf) on my servers is no where near 247 lines and is why I asked. You could track down that line and remark it out or remove it, or use a tool like this to allow the user agent for one site if you needed to: ConfigServer ModSecurity Control
This isn't an error specifically I don't think, mod_security is doing what its supposed to do. What problem are you having here? Not sure by your first post, TBH.
Re: Access denied with code 406 (phase 2)
i don't have any problem with the site (static site) but this line is almost every where in the mod log and it's annoying me
Re: Access denied with code 406 (phase 2)
Assuming you use CSF you might want to tweak your settings a bit to perm block repeated rule triggers.
#[*]Enable failure detection of repeated Apache mod_security rule triggers
LF_MODSEC_PERM
LinkBack URL
About LinkBacks
Reply With Quote