Comments on: 406 Not Acceptable and Apache mod_security

By: Yves David

Yves David — Mon, 29 Jun 2009 16:14:34 +0000

I found a way around the 406 error. The company hosting
my web site would not turn down the security module
and I need the accented character.

I figured that % could be replaced by the word “percent”
then I realized that the word could be a valid part of the
string so I purposeley missspelled it. It became “pxrcent”
from there it’a easy.

JavaScript in the web page
// Standard urlencoding
Descr=escape(document.form1.Description.innerText);
// Ã‰ becomes %C9

//replacing the % wi9th the text
Description=Descr.replace(/%/g,”pxrcent”);
// %C9 becomes pxrcentC9

In the server the PHP code is:
$Description=urldecode(str_replace(“pxrcent”,”%”,$_GET['Description']));

well you get the idea…

By: Yves David

Yves David — Mon, 29 Jun 2009 13:50:37 +0000

Finding the offending string(character) was easy in my case it was the escape sequence “%E9 ” which stands for Ã‰ . after testing a few things I realized that all escape sequence from my Ajax HTTPxrequest generate the 406 error. …..

………………. and I am stuck here

By: Mike Mulligan

Mike Mulligan — Thu, 20 Nov 2008 13:51:44 +0000

Want to know something even odder? I am getting a 406 just recently as well, but here’s the kicker… Only in Firefox. My girlfriend’s IE is fine, and my Safari is fine, but Firefox is losing access to my site one directory at a time…

Even odder, these directories exist, and not just USED to work, but alternate in availability… Sometimes they will work, sometimes they will not. Not all at once either, individually, and at random moments…

Still Mod_Security?

By: Batfastad

Batfastad — Tue, 13 May 2008 10:43:46 +0000

Fantastic information!
I was having this problem with the latest version of phpBB (v3.0.1) when trying to edit overall_header.html in the subsilver2 theme

- I made the change to phpBB’s .htaccess
- Edited the template successfully
- And then commented out the .htaccess change in case it compromised server security somehow

Hope this helps someone out…. http://www.phpbb.com/community/viewtopic.php?f=46&t=919575&p=5456835

By: Christopher

Christopher — Sun, 06 Apr 2008 18:07:23 +0000

Had the same problem when I created an image, uploaded it to my site and tried to load it… I tried .gif, .jpg and .png, all failed with the Not Acceptable error.

Even more strangely, existing .png, .gif and .jpg files worked fine, so I’m not discounting that something was up with Irfanview which was corrupting the file headers somehow – but I don’t have time to investigate. The images work fine in Explorer and in Firefox, so I just applied your fix – works perfectly. Now I have time to go off and research the problem and (hopefully) fix it… Cheers!

By: Tom

Tom — Sun, 23 Mar 2008 00:09:51 +0000

Thanks very much for your support :-)

By: Jillian

Jillian — Sun, 20 Jan 2008 11:29:00 +0000

Thank you, you just saved my day!

By: Jason Friesen {dot} ca » Blog Archive » New Flock and 406 Errors

Jason Friesen {dot} ca » Blog Archive » New Flock and 406 Errors — Wed, 26 Sep 2007 19:32:30 +0000

[...] I looked at a number of posted fixes, with no joy. The problem is with Apache’s mod_security plugin. At last I resorted to my web host’s tech support. Within a couple of hours they cheerfully fixed the problem, and I was away. Hurrah! [...]

By: Sheri

Sheri — Sat, 07 Jul 2007 00:55:46 +0000

I used the SecFilterEngine method so that I could print the $_POST variables where I located the invalid characters. I cleaned up the code, removed the .htaccess modification and everything was fixed. BUT I would never have known that it was an invalid character problem had I not found your site. Thanks a lot!!

By: Erick

Erick — Fri, 06 Apr 2007 18:08:34 +0000

Thank you!! woww :)