Welcome Guest, Not a member yet? Register   Sign In
mod_security 406 Error


My web host has reported that my CI site is generating a 406 error. They have not been particularly helpful as to what it is and I am not a mod_security expert. Apart from the code I added, the only addition to the CI standard 1.7.1 is BackEndPro. I have the same config running on other hosts without a problem.

The site is a very simple form->db->email site. Only a couple of pages.

The mod_security log is:

Access denied with code 406 (phase 2). Pattern match "(?:\b(?:on(?Sad?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)\b\W*?=|abort\b)|(?:l(?:owsrc\b\W*?\b(?Sad?:java|vb)script|shell)|ivescript)|(?:href|url)\b\W*?\b(?Sad?:j ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "79"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack. Matched signature <.cookie>"] [severity "CRITICAL"]

Anyone have any ideas ?


Theme © iAndrew 2016 - Forum software by © MyBB