HELP! I'm getting a "406 Not Acceptable" message

21 posts by 4 authors in: Forums > CMS Builder
Last Post: August 1, 2014   (RSS)

By Mikey - June 24, 2014

I installed CMS Builder on a Godaddy Linux Deluxe Server this morning. While adding content to the sections editors I've created I got the message below when trying to enter information into three text fields. Anyone ever experience this before and know of a fix?

406 Not Acceptable
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>406 Not Acceptable</title>
</head><body>
<h1>Not Acceptable</h1>
<p>An appropriate representation of the requested resource /cmsAdmin/admin.php could not be found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>


Thanks, Zick

By Mikey - June 25, 2014

I think this issue is related to mod_ security, but I'm not certain and what ever the issue is - I'm still unable to get this to work. Any ideas, suggestions would be greatly appreciated.

By claire - June 25, 2014

Hi Zicky

I've done some checking on this and it does look like it's related to mod_security. Have you talked to GoDaddy about the error?

I'll refer this to a senior programmer here.

--------------------

Claire Ryan
interactivetools.com

Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

By Mikey - June 25, 2014

Yes, I reached out to Godaddy, but hit a dead end with them. I don't have the ability to modify the setting through cPanel and Godaddy won't change the mod_security setting for me.

By claire - June 25, 2014

Okay, can you email your cmsAdmin login to me? My address is claire@interactivetools.com.

I'll see if I can find anything obvious.

--------------------

Claire Ryan
interactivetools.com

Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

By Mikey - June 25, 2014

Hey Claire - the info you requested has been sent, along with an explanation, snapshots and a direct link to the section where the issue is triggering the 406.

By Mikey - June 25, 2014

Hey Claire - just wanted to see if you got the log in info I sent.

By Dave - June 27, 2014

Hi Zicky, 

I just wanted to post our findings on this to date in case anyone has a similar problem (I've changed the domains in the URL) - reposting: 

The issue is that the web host has some security mechanisms in place that attempt to block malicious urls.  The problem is that these security mechanisms are generating "false positives", just like when you get a valid email in your spam filter.  

So many URLs that contains "http://" get rejected.  This is a problem because it prevents you from entering the URL of some of your social media sites into your CMS because when those forms get submitted to the CMS via either GET or POST submissions they get blocked for containing a "http://" value that matches a securityfilter even though they are perfectly normal urls.

Adding ?address=http%3A%2F%2F to ANY url on the site demonstrates the problem, here's an example:http://example.com/?address=http%3A%2F%2F

The server returns this response to the above url: 

Not Acceptable
An appropriate representation of the requested resource / could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

But you'll note that changing http:// to abcd:// allows the site to function as normal:http://example.com/?address=abcd%3A%2F%2F

Can you forward this email to your web host, ask them what security filters they have in place and if they can disable or update them so they don't get triggered when we submit a form that contains "http://" in the value?

Let me know what they say, thanks!

Dave Edis - Senior Developer
interactivetools.com

By rconring - June 30, 2014

I recently started using Go Daddy hosting and had the same error.  I called tech support and after a lengthy discussion with the support person about the issue, she put me on hold and got the sys admin to modify the mod_security setting.  All is well now.  I don't know why they told you they couldn't do it for you.

Ron Conring
Conring Automation Services
----------------------------------------
Software for Business and Industry Since 1987