The Community Forums

Interact with an entire community of cPanel & WHM users.
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

not acceptable problem

Discussion in 'General Discussion' started by ratserver, Aug 15, 2009.

  1. ratserver

    ratserver Member

    Joined:
    Jul 30, 2009
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Hello dear members

    one of my customers got the a problem with script , i think , this is a php function problem , that should edit on php.ini , but really i don't have experience about resolve it

    look at the below message from my customer:

    Hello. Is my error 406 problem being investigated or gained any progress now? Here are some more details that i found out during some tests. Problem is that, that server gives HTTP 406 error if finds symbol - % in any of GET parameters. Can test it here kaste.org/test.php?test=any_text_we_want - this goes without error, butkaste.org/test.php?test=any_text%we_want - this produces 406 error. As desktop applications that i need to use, sends encrypted data to server which contains %, then there is no way, I can handle with this issue. So, please do Your best to solve this issue.

    other :

    Is it really so hard to look at Your mod security log files, find rule witch gives FALSE positive (in symbol % at GET request), and implement exception for my script?
    It should be something like this:

    <LocationMatch “paht to my script”> (announce.php)
    SecRuleRemoveById 960010 (number of rule who gives FALSE positive...)
    </LocationMatch>

    do you know about it anythings , click on below link

    kaste.org/test.php?test=any_text%we_want << get the Not Acceptable message
     
    #1 ratserver, Aug 15, 2009
    Last edited by a moderator: Aug 15, 2009
  2. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Sounds as though you are tripping Mod_Security.

    You need to located the rule that is being triggered and either disable
    that rule or re-write it so that it is not being triggered by that specific
    script if you know the script in question is one you want to be running.
     
  3. ratserver

    ratserver Member

    Joined:
    Jul 30, 2009
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    anybody can't help me??
     
  4. ratserver

    ratserver Member

    Joined:
    Jul 30, 2009
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    really i don't understand what do you said?

    how i should be disable it?
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,450
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Assuming you have the default cPanel modsecurity installed, in your WHM at bottom of left menu click Mod Security link. At top of page that's opened there's a link to edit config. Open that and search the page for the number, 960010
    If you find it you can remark it out or remove it, your call.

    There are also a link to more Info at top.

    Or you can google for lots more answers:
    SecRuleRemoveById 960010 - Google Search
     
  6. ratserver

    ratserver Member

    Joined:
    Jul 30, 2009
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    thanks for your reply

    but i find

    id:'960016'"
    id:'960014'"
    id:'960011'"

    have not 960010 :(
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,450
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    But you did find the area for modsecurity. There you'll also find the log. Open the problem link in your browser and check your log for what rule is blocking.
     
  8. linux7802

    linux7802 Well-Known Member

    Joined:
    Dec 14, 2007
    Messages:
    232
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Solution

    The 406 error message you are receiving is clearly suggesting mod security problem due to that I would like to recommend you try to add following code as per Apache version on your server.

    --------------
    To check the Apache version for your server you need to phpinfo.php file under your domains public_html with the following code

    And then check the "SERVER_SIGNATURE" section after browsing the phpinfo.php file

    --------------

    For Apache 1 create .htaccess file under the public_html and add following code in .htaccess file
    For Apache 2 you need to add following code in httpd.conf file to disable the mode security for your domain and restart the Apache service but you need root login to add code in htttpd.conf file.If you are not having root login details then contact your hosting provider and ask them to disable the mod security for your domain.

    Hope it will sort out your 406 error message issue.... :)
     
  9. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    I would only do what the last poster said regarding .htaccess files as a temporary solution and / or to confirm that you indeed have a mod_security rule conflict that you need to address.

    I strongly do not advise just arbitrarily turning off mod_security for the whole site just because you run into a single rule conflict with an application. It is much better to rewrite the rule to make an exception for that particular application than to arbitrarily turn off your entire security.
     
  10. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,450
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I agree with Spiral on this.
     
  11. ratserver

    ratserver Member

    Joined:
    Jul 30, 2009
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
  12. ratserver

    ratserver Member

    Joined:
    Jul 30, 2009
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
  13. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,450
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Not sure where you see an answer to your problem there. That thread is a year old and is another way to install modsecurity on your server.

    "These days" we can do this by rebuilding Apache from WHM and have EasyApache do all the work installing modsec. Much of that thread is out of date for a cPanel system, I suggest not following it. (although some parts might be useful to know about)


    Force this error you're getting and watch your logfile for it to come up. When you see it, grab the line and paste it here. (edit details) That should reveal the path to the file you want to edit.

    Short of that, you might want to hire someone to help if you're unsure you can do it.
     
  14. skatebored

    skatebored Member

    Joined:
    Sep 3, 2007
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    mod sec

    halu...

    instead of disabling mod sec,
    you can disable that rule for the
    hosting account that facing the problem...
     
  15. ratserver

    ratserver Member

    Joined:
    Jul 30, 2009
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    hello

    i got the rebuil apache , once again same error

    also modesecurity re-installed

    it's really urgent , dear moderator can you do it by your own ?
     
  16. linux7802

    linux7802 Well-Known Member

    Joined:
    Dec 14, 2007
    Messages:
    232
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Soution

    Without servers root login details no one can help you in this issue due to that I would like to recommend you check server logs for your domain

    And once you receive any error in error logs for your domain copy and paste in this thread as well as exact URL where you are receiving the error message so that we can help you in better way :)
     
Loading...

Share This Page