Mod_security 406 with a '~' in the URL

Question

I get a 406 Not Acceptable error while having a URL similar to this:

www.example.com/search/find?q=YSBkZXJwIGZyb20gZGVycA~

and it seems to be due to the singular ~ character. I have to base64_encode() it, using this function:

function base64_url_encode($string = null) {
    return strtr(base64_encode($string), '+/=', '-_~');
}

Because the normal base64 encode generates an un-parseable URL.

I've had a look around and came across this answer: PHP/Apache Error:406 Not Acceptable

Which says to disable Mod_Security with:

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

I know I'll have to probably find a different rewrite for the function above, but how could I fix this as to not receive the error again, if there is any way?

Use another character, like the dot or something. Exclamation points come to my head (pun intended) — Ismael Miguel, Oct 29 '15 at 01:26

score 1 · Accepted Answer · answered Oct 29 '15 at 02:02

1

Instead of replacing = characters with ~, just remove them entirely. This is a common approach, and will not prevent values from being decoded.

answered Oct 29 '15 at 02:02

Beautiful. Was just about to update the question asking if I could remove the padding. Thanks. – Darren Oct 29 '15 at 02:04

Mod_security 406 with a '~' in the URL

1 Answers1