Trying out Google's tag manager this afternoon and found that any pages with the script throw a 406 error. In turn the rest of the site cannot be accessed either (regardless if the tag is present on them or not) because of that. Say I have the script on a test page, test.htm, it will load and work fine the first view. Any refresh of that page or even going to another page (ones without the script on them) will then throw a 406.
I am assuming the problem has to do with the cookie set by Google (since the pages will load again after the browser is closed and reopened). Google tag manager allows you to set analytics, adwords, conversion tracking, remarketing, etc all with one tag rather than separate scripts for each.
It appears that mod security is the culprit. Here is an example entry :
and then from the logs :
[Wed Jan 07 22:51:11.747896 2015] [:error] [pid 30577] [client 111.111.111.111] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\\\b(\\\\d+) ?= ?\\\\1\\\\b|[\\\\'\\"](\\\\w+)[\\\\'\\"] ?= ?[\\\\'\\"]\\\\2\\\\b" at REQUEST_HEADERS:Cookie. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "94"] [id "959901"] [msg "SQL Injection Attack"] [data "1=1"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [hostname "www.test.com"] [uri "/error.htm"] [unique_id "VK3@r2B-guIAAHdxu0AAANfsdf
... and this could be related as well. The whole reason I decided to use Google Tag Manager in the first place is Google Adwords kept reporting glcid errors, however, this was from using the normal script and not tag manager :
I would assume this is a common problem since most hosts have mod security enabled... what is the solution here if any? I have never really had any problems, that I know of, with mod security up until this.
I am assuming the problem has to do with the cookie set by Google (since the pages will load again after the browser is closed and reopened). Google tag manager allows you to set analytics, adwords, conversion tracking, remarketing, etc all with one tag rather than separate scripts for each.
It appears that mod security is the culprit. Here is an example entry :
Code:
2015-01-07 20:06:03 www.test.com 111.111.111.111 CRITICAL 406
✏ 959901: SQL Injection Attack
Hide
GET /test.htm[Wed Jan 07 22:51:11.747896 2015] [:error] [pid 30577] [client 111.111.111.111] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\\\b(\\\\d+) ?= ?\\\\1\\\\b|[\\\\'\\"](\\\\w+)[\\\\'\\"] ?= ?[\\\\'\\"]\\\\2\\\\b" at REQUEST_HEADERS:Cookie. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "94"] [id "959901"] [msg "SQL Injection Attack"] [data "1=1"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [hostname "www.test.com"] [uri "/error.htm"] [unique_id "VK3@r2B-guIAAHdxu0AAANfsdf
... and this could be related as well. The whole reason I decided to use Google Tag Manager in the first place is Google Adwords kept reporting glcid errors, however, this was from using the normal script and not tag manager :
Code:
2014-12-31 16:09:09 www.test.com 222.222.222.222 CRITICAL 501
✏ 959006: System Command Injection
Hide
GET /?gclid=CO2jqKWY8cICFVgWjgodLZ8AzAI would assume this is a common problem since most hosts have mod security enabled... what is the solution here if any? I have never really had any problems, that I know of, with mod security up until this.
Last edited:
