Not Acceptable! An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security

Question

I'm new to moodle environment and I'm having this error:

Not Acceptable!

An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.

I haven't done anything, I'm just viewing the registered users in my website:
http://www.joyfementira.com/dnsc/it14lms
I've noticed that my profile picture is not properly loaded so I clicked on it (picture's position), and after that the error came out.

What probably caused this error and how would I fix it?

Answer 1

Just to add to the answers. If this happens while you are trying to login to a WordPress website admin and you are using any type of VPN on your machine, you'd have to turn it off to solve the problem.

If you turn off your VPN, you'd be able to login without experiencing the issue.

Answer 2

I was experiencing same issue with my WP site shared-hosted in HostMonster. I resolved simply by accessing to the server via SSH and added the following lines on the .htaccess file :

<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off
</IfModule>

Answer 3

Apache has a mod_security tool that tries to block SQL injections by url. This rule is also blocking some real urls. The solution is:

• access WHM in your dedicated server
• search for mod_security tools
• check if it's blocking some urls
• click in the rule id
• click in deploy and Restart Apache

if you don't have access to WHM in your server. Pass this issue to your server administrator.

---

This is the rule that was blocking my urls

SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "\b(\d+) ?= ?\1\b|\'\"[\'\"] ?= ?[\'\"]\2\b" \ "phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'959901',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"

Answer 4

This error will appear in some sites if cookies are turned off and mod_security requires cookies to match session data. It is suppossed to make things more secure... it ends up just annoying. Especially because web indexing crawlers like googleBot and other search engines do not use cookies, so THEY see this error instead of your site.

Answer 5

Do you have experience in setting up servers? Is this hosted by yourself or is it a shared hosting package?

The reason I ask is because this is a server-side (Apache) issue.

First, make sure your .htaccess file doesn't have any silly rules in it. The error arises because the server is denying access.

Second, make sure your file permissions are set up correctly. Generally speaking, you want directories to be 7/0/0 or 7/5/0 and files to be 6/0/0 or 6/4/0.

Read this for more details on Moodle security guidelines.

As for the profile picture issue, I'm not entirely sure what you're referring to so unfortunately I'm unable to answer that question. I doubt the two issues are related from the sounds of things.

Answer 6

I'm writing scripts to communicate from one server to another and I don't own either servers and cannot change any settings. I was getting the Not Acceptable error with some embedded URLs but not others. For example this one gets Not Acceptable: http://magic.kayaker.net/simlink.php?avname=http://junk.com While this one does not: http://magic.kayaker.net/simlink.php?name=http://junk.com (fails whether I escape the query or not) The second one gets an unknown command, which is an error my script generates, the first one returns the not acceptable without ever running my php script. My solution has been to strip the http:// off all URLs and have the scripts on both ends put it back on.

Answer 7

In my case, I received this error when sending to viewer file wrong path to the file it needed to view.

err: example.com/subDir/myViewer.php?file=%27../../myImages/myFile.gif%27
fix: example.com/subDir/myViewer.php?file=%27../myImages/myFile.gif%27

Answer 8

It had the same problem when enter a link in a form. It's is not the http:// or https://

In the form i had

<input type='text' name='demo'>

The name='demo' wasn't accepted anymore. I altered name='demo' into name='link' and solve it.

Answer 9

Most of the time this error occurs due to location. in my case, that was also an IP issue. Use any FREE VPN to fix this issue for a permanent solution you can contact your hosting provider to white list your IP.

Answer 10

Using HTTP header in request helped in my case headers = {'user-agent': ...} requests.get(url, headers=headers)

Answer 11

I had the same error when submitting a form to insert values into a database. The issue was that one of the form inputs was a link (with https). Once I took that input out, the error stopped showing up.

Answer 12

...In my case I was trying to save a Wordpress menu, with a link that pointed to #process (a div´s ID)...changed the #process to #ourprocess and it worked...

pretty strange if you asked me, but as real as it gets, I was able to replicate the issue more than 10 times. It is definitely the URL of the link that is blacklisted...

so, if you are using Wordpress in a shared hosting (in my case is Bluehost) it could be this... or something similar.

Answer 13

If this is on WordPress, You just need to contact your hosting provider, They will white list your IP

Answer 14

For me it was a missing Content-Type header in my Insomnia requests!

Shout out to this blog post:

https://clay-atlas.com/us/blog/2021/10/17/wordpress-en-not-acceptable-mod-security/

Answer 15

Encountered same issue today.

I was trying to access wordpress admin dashboard with browsec vpn turned on.

I turned it off and issue was resolved in seconds.