mod_security 406 Error - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: mod_security 406 Error (/showthread.php?tid=25651)

mod_security 406 Error - El Forum - 12-19-2009 [eluser]howarde[/eluser] Hi My web host has reported that my CI site is generating a 406 error. They have not been particularly helpful as to what it is and I am not a mod_security expert. Apart from the code I added, the only addition to the CI standard 1.7.1 is BackEndPro. I have the same config running on other hosts without a problem. The site is a very simple form->db->email site. Only a couple of pages. The mod_security log is: Access denied with code 406 (phase 2). Pattern match "(?:\b(?:on(??:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)\b\W*?=|abort\b)|(?:l(?:owsrc\b\W*?\b(??:java|vb)script|shell)|ivescript)|(?:href|url)\b\W*?\b(??:j ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "79"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack. Matched signature <.cookie>"] [severity "CRITICAL"] Anyone have any ideas ? howard