Topic: mod_security, 406 error and htaccess files
Hi there,
I've read up on all of the troubleshooting topics regarding this issue. I just wanted to catalogue the progress with my ISP (webfusion/pipex uk) as I've challenged them to find the problem.
I sent this after explaining my problem and they asked for the control panel login on the forum:
***E-mail 1***
Dear Pipiex/Webfusion support,
In reply to your request you can replicate my problem, log in to the forum installation as:
(www.newagenet.co.uk/hangfan/forum)
User: *******
Pass: *******
Then click on "user list" (2nd option in top menu) Select the user "hammertime" (4th name listed) Then click on "Administration" in the left hand vertical menu.
From there you should be able assign account type (user, moderator etc.) or delete/ban them
When you attempt any of these actions, the server throws up a 406 error, stating the resource cannot be found.
Searching on the net reveals a possible mod_security setting that may interfere with this sort of http operation.
I'm merely regurgitating stuff here, I have no experience in this area (as yet!).
I hope this helps resolve the problem,
Take care,
Torbz
***************
They then replied:
***REPLY 1****
Hi,
When you attempt to delete a user or any of teh actions as you have stated you receive a 406 error as the file it is looking for to action the delete command wither has become corrupted or it can't find teh command in the script.
It is looking for:
/hangfan/forum/profile.php
You can check the forums on teh internet for this error, can youy please confirm when you first received this error. We have not carried out any php updates or upgrades in the last few weeks so this should not be the cause. Please also check teh file permissionns for the above file as they should be 755.
If you can provide further information on this we can try to help you reolve this or provide further information for you to try.
Regards
Minesh Patel
WebFusion 2nd Line Support
PIPEX
********************
I basically then told them that the issue wasn't punBB and definitely the mod_security settings and that they should look in to it further.
They replied:
****Reply 2****
Hi,
Thank you for your email.
We do run Mod_security on the server, if you could let us know the page you are having problems with we can ask the engineers to adjust the rules for you.
In the meantime you can turn mod_security off by adding a .htaccess file with the following line.
SetEnv MODSEC_ENABLE "Off"
I hope that this helps.
Regards,
Keith Boyd
Webfusion 2nd Line Support
PIPEX
*************
So, I fiddled about for half an hour with their code, then looked into it further and tried all sorts of variations including:
SecFilterEngine Off
SecFilterScanPOST Off
which I'd found on other forums regarding similar mod_security issues.
none of it worked, despite me putting the .htaccess code in all the directories I could think of (root, the hangfan sub-directory and the forum sub directory).
Has anyone any advice on how to go forward? I've since sent them an e-mail saying it doesn't work and we'll see what reply comes, but never having heard of mod_security before, I'm left with too steep a learning curve to know what to do next.
Help and advice appreciated greatly!
thanks,
torbz
www.hangfan.co.uk
PunBB installation at www.hangfan.co.uk/forum