• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
mod_security 406 Error

#1
[eluser]howarde[/eluser]
Hi

My web host has reported that my CI site is generating a 406 error. They have not been particularly helpful as to what it is and I am not a mod_security expert. Apart from the code I added, the only addition to the CI standard 1.7.1 is BackEndPro. I have the same config running on other hosts without a problem.

The site is a very simple form->db->email site. Only a couple of pages.

The mod_security log is:

Access denied with code 406 (phase 2). Pattern match "(?:\b(?:on(?Sad?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)\b\W*?=|abort\b)|(?:l(?:owsrc\b\W*?\b(?Sad?:java|vb)script|shell)|ivescript)|(?:href|url)\b\W*?\b(?Sad?:j ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "79"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack. Matched signature <.cookie>"] [severity "CRITICAL"]

Anyone have any ideas ?

howard


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.