The other day I was writing a script for work and discovered it wasn't behaving as expected. The web browser didn't give me any helpful information so I decided to use wget
to see what the actual error was:
eris:~ raam$ wget --spider -v mysite.com
Connecting to mysite.com|69.16.69.151|:80... connected.
HTTP request sent, awaiting response... 406 Not Acceptable
16:19:28 ERROR 406: Not Acceptable.
Ah ha! ERROR 406: Not Acceptable
. After doing some Googling I discovered the problem is related to an optional (though commonly installed) Apache module called mod_security
. This module basically acts as a firewall for Apache to help prevent website attacks, specifically attacks through POST submissions.
To disable mod_security
, you can place the following line in an .htaccess
file on the root of your site:
SecFilterEngine off
I then confirmed that disabling mod_security
actually fixed the problem:
eris:~ raam$ wget --spider -v mysite.com
Connecting to mysite.com|69.16.69.151|:80... connected.
HTTP request sent, awaiting response... 200 OK
So as you can see, the quick solution to fixing the Error 406 problem is to disable mod_security
altogether using a .htaccess
file. However, this leaves me wondering how much security I'm giving up by disabling mod_security
.
I was in a hurry when this happened so I didn't spend much time investigating what exactly my script was doing that may have caused mod_security
to freak out. Sometimes other applications cause the Error 406 problem, such as WordPress or Mambo, and you really don't have choice except to wait for a fix to be released. Since my own software caused the problem, figuring out why should be easy. I'll post my results when I determine what was.
Typo found…
You talk about Error 406, but yet:
“Ah ha! ERROR 405: Not Acceptable”
pwned.
(and fixed)
Thanks DJT!
Hello.
All “solutions” of this problem I’ve found with Goolge assume I have shell access, not hosting. How to hack PMA not to cause this error without shell? You know, if host security is as paranoid to cause 406 – it SURELY has .htaccess override disabled!
I has similar issue, with mod_security disabled. Is there any other modules make this error
I’m not aware of any other modules that might cause this issue, but I’m sure there are others out there. You might try posting a question on ServerFault.