The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Access denied with code 406 (phase 2)

Discussion in 'Security' started by Ammar AbuQoura, Aug 22, 2012.

  1. Ammar AbuQoura

    Ammar AbuQoura Registered

    Joined:
    Aug 22, 2012
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello
    in the mod security i have this error on the same site every min so i can't read the reset of the mod log

    this the error i hope you can help me

    Access denied with code 406 (phase 2). Pattern match "Windows-Update-Agent" at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "247"]
     
    #1 Ammar AbuQoura, Aug 22, 2012
    Last edited: Aug 22, 2012
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Has this file been customized?
     
  3. Ammar AbuQoura

    Ammar AbuQoura Registered

    Joined:
    Aug 22, 2012
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    as i know no it's not customized but i'm not sure
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    That file (modsec2.user.conf) on my servers is no where near 247 lines and is why I asked. You could track down that line and remark it out or remove it, or use a tool like this to allow the user agent for one site if you needed to: ConfigServer ModSecurity Control

    This isn't an error specifically I don't think, mod_security is doing what its supposed to do. What problem are you having here? Not sure by your first post, TBH.
     
  5. Ammar AbuQoura

    Ammar AbuQoura Registered

    Joined:
    Aug 22, 2012
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    i don't have any problem with the site (static site) but this line is almost every where in the mod log and it's annoying me
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Assuming you use CSF you might want to tweak your settings a bit to perm block repeated rule triggers.

    # [*]Enable failure detection of repeated Apache mod_security rule triggers

    LF_MODSEC_PERM
     
Loading...

Share This Page