The Community Forums

Interact with an entire community of cPanel & WHM users.
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Not Acceptable - 406

Discussion in 'General Discussion' started by JZM, Jul 27, 2011.

  1. JZM

    JZM Member

    Joined:
    Aug 17, 2007
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    How could I fix this issue?



    Not Acceptable

    An appropriate representation of the requested resource / could not be found on this server.
    Code:
    HTTP/1.1 406 Not Acceptable
    Content-Length: 381
    Keep-Alive: timeout=5, max=97
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
    
    --96c94e49-H--
    Message: Access denied with code 406 (phase 2). Pattern match "\b(?:(?:s(?:ys(?:(?:(?:process|tabl)e|filegroup|object)s|c(?:o(?:nstraint|lumn)s|at)|dba|ibm)|ubstr(?:ing)?)|user_(?:(?:(?:constrain|objec)t|tab(?:_column|le)|ind_column|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object_(?:(?:nam|typ)e|id)| ..." at REQUEST_HEADERS:Cookie. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "88"] [id "959904"] [msg "Blind SQL Injection Attack"] [data "user_password"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"]
    Apache-Error: [file "core.c"] [line 3543] [level 3] File does not exist: /home/careerid/public_html/406.shtml
    Action: Intercepted (phase 2)
    Stopwatch: 1311745252061144 8317 (7330 8020 -)
    Producer: ModSecurity for Apache/2.5.13 ([url=http://www.modsecurity.org/]ModSecurity: Open Source Web Application Firewall[/url]).
    Server: Apache
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,450
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    When mod security stops something from happening, its logged, and shows a file to the end user called 406.shtml, you don't have one though.

    You can create error pages from within cPanel > Advanced section > Error Pages > Show All HTTP Error Status Codes tab.

    The ID for the rule that was tripped is: id "959904" as seen in that message. You can edit your rules as you see fit if this rule is blocking something on your website that you'd like to have working but doesn't due to this. Problem with that is, editing the ruleset disables that rule for the entire server.

    Here's a great tool that allows you to disable a rule for just one site on the server, instead if you're interested:
    ConfigServer ModSecurity Control
     

Share This Page