1

I'm having this problem with a form, whenever I submit a form in this new server I get a 406 Error - Not Acceptable.

I only have access to the FTP of this server so any changes I have to made is limited by that.

I've checked if mod_security is enabled by doing this:

<IfModule mod_security.c>

... Perform some kind of redirect or re-writing in here ...

</IfModule>

It didn't redirect so it means mod_security is not installed? If I run the redirect outside the IfModule tag it would redirect without any problem.

I've created a test form for you guys to test, just type in % on any field and click submit then it would display the error. Any alphabet character is okay and will not display the error.

(removed link)

Also I've added this in my htaccess file and the problem is still there.

<IfModule mod_security.c>
        SecFilterEngine Off
        SecFilterScanPOST Off
</IfModule>

What seems to be the problem here?

officeboi101
  • 219
  • 4
  • 16
  • Out of curiosity, what happens if you just turn the filters off without the block? – Jon Lin Nov 14 '11 at 18:57
  • do you have Suhosin installed? –  Nov 14 '11 at 19:01
  • It's giving me 500 Internal Server Error – officeboi101 Nov 14 '11 at 19:05
  • 1
    Where are you making your apache config changes? In an .htaccess file? Is apache configured to read .htaccess files? If you're changing httpd.conf directly, you may have to restart apache to make it reread your config files. – Frank Farmer Nov 14 '11 at 19:12
  • I'm changing in .htaccess file. I can use mod_rewrite in htaccess without any problem at all so that would mean apache is reading the htaccess file correct? – officeboi101 Nov 14 '11 at 19:23
  • Can you try a phpinfo() to see what modules are running? @Frank may be right about the apache config not honoring .htaccess files. If what you have tried doesn't work, I would contact my webhost and check from there. –  Nov 14 '11 at 19:28
  • 2
    @officeboi101 .htaccess files can be selectively handled by Apache; check [here.](http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride) As such, mod_rewrite might work, but mod_security might not override from your .htaccess. –  Nov 14 '11 at 19:30
  • @lunchmeat317 what do I have to look for in the phpinfo results? I searched for mod_security and it's not there. I have this though – officeboi101 Nov 14 '11 at 23:45
  • SERVER_SOFTWARE Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 – officeboi101 Nov 14 '11 at 23:45

2 Answers2

1

I had the same problem, and it was because of encoding. When the form fields had acute accents it failed, showing 406 error. I converted the files to UTF-8 and addded UTF-8 meta tag and now it's working without problem.

Andrés Valenzuela
  • 11
  • 1
0

Edit: My original answer.

This is your problem.

You should look into sanitizing your data with the readily available PHP functions. They can be found here, at PHP.net.

This SO question may help you as well.

Sanitizing strings to make them URL and filename safe?

Best of luck.

I was wayyy off the mark here. My apologies.

In your position, I would simply contact my webhost - they may not be allowing your .htaccess to override that specific directive. Additionally, since you've only got FTP access, it seems like you'd be dependent on them anyway.

Again, best of luck. Since it isn't your webserver, you're at the mercy of your host.

Community
  • 1
  • 1
  • 1
    It seems like the OP has an apache problem, not a PHP problem. If apache is rejecting the request, that's probably not something he can fix in PHP. – Frank Farmer Nov 14 '11 at 19:10
  • @FrankFarmer - Whoops. I assumed that it was a GET string, not a POST. As far as I know, PHP should URL-encode everything anyway, but I thought maybe something had gone wrong. Looking for a solution. –  Nov 14 '11 at 19:22