6.06 to 6.4.17 and Error 406 - Not Acceptable
How Do I?
Hi there,
I just upgraded ComicsReporter.com from 6.0.6 to the latest version and now I’m getting:
Error 406 - Not Acceptable Generally a 406 error is caused because a request has been blocked by Mod Security. If you believe that your request has been blocked by mistake please contact the web site owner.
I am not able to log into my Admin or do anything now. It seemed to completely crash the website.
I did do some googling but everything I’ve found does not seem to work.
I’ve gone into the htaccess file and added
<IfModule mod_security.c>
SecFilterEngineOff
SecFilterScanPOSTOff
</IfModule>but that didn’t work. I removed the code. Then I tried adding
<IfModule mod_security.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>and that also didn’t work. I’ve also removed this code as well, putting it back to the way it was left after the upgrade. This is what my htaccess looks like now.
# BEGIN InMotion Hosting Block Bots
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (Bytespider|facebookexternalhit|YisouSpider|SemrushBot|AhrefsBot|bingbot|PetalBot|DotBot|meta-externalagent|Barkrowler|AwarioSmartBot|ClaudeBot|GPTBot|Applebot|Baiduspider|Turnitin) [NC]
RewriteRule .* - [F,L]
# END InMotion Hosting Block Bots
RewriteOptions inherit
# Begin IP blocking #
Order Allow,Deny
Deny from 86.121.6.10
Allow from all
# End IP blocking #
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
<IfModule php7_module>
php_flag display_errors Off
php_value max_execution_time 30
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 256M
php_value post_max_size 128M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php72"
php_value upload_max_filesize 2M
php_flag zlib.output_compression Off
</IfModule>
<IfModule lsapi_module>
php_flag display_errors Off
php_value max_execution_time 30
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 256M
php_value post_max_size 128M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php72"
php_value upload_max_filesize 2M
php_flag zlib.output_compression Off
</IfModule>
# END cPanel-generated php ini directives, do not edit
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php72” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php72 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not editAny ideas on how to fix this?
Thank you.
Not sure if this helps, but i see you are running php7.2 I’ve had lots of issues with that php version. Lots. Maybe see if you can move to a more stable php 7.4?
Hi jelle
Based on your comment, I went into Mulit PHP Manager in my cpanel and upgraded the php from 7.2 to 8.4. That got the site back up, but with all the images broken. I still can’t get into the back end Expression Engine as it still shows the 406 error. Looking at the documentation I’m seeing v6.4.15 is known to be compatible with 8.2 but is yellow for 8.4, so I downgraded the version to 8.2 but that made no difference. I checked the htaccess file to confirm that it’s showing php 8.2 and it is. Here it is below:
# BEGIN InMotion Hosting Block Bots
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (Bytespider|facebookexternalhit|YisouSpider|SemrushBot|AhrefsBot|bingbot|PetalBot|DotBot|meta-externalagent|Barkrowler|AwarioSmartBot|ClaudeBot|GPTBot|Applebot|Baiduspider|Turnitin) [NC]
RewriteRule .* - [F,L]
# END InMotion Hosting Block Bots
RewriteOptions inherit
# Begin IP blocking #
Order Allow,Deny
Deny from 86.121.6.10
Allow from all
# End IP blocking #
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
<IfModule php8_module>
php_flag display_errors Off
php_value max_execution_time 30
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 256M
php_value post_max_size 128M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php82"
php_value upload_max_filesize 2M
php_flag zlib.output_compression Off
</IfModule>
<IfModule lsapi_module>
php_flag display_errors Off
php_value max_execution_time 30
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 256M
php_value post_max_size 128M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php82"
php_value upload_max_filesize 2M
php_flag zlib.output_compression Off
</IfModule>
# END cPanel-generated php ini directives, do not edit
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php82” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php82 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not editI also checked mySQL and it is version: 10.6.21-MariaDB-log
Any other ideas?
This should be <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule>
Maybe if you take all stuff out of the htaccess, (except for the cpanel generated stuff and only put in the above rules?
I don’t think it will help much. My hunch is that there is some aggresive firewall rules at play
Hi jelle
I tried your suggestion and it didn’t change anything. I removed
# BEGIN InMotion Hosting Block Bots
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (Bytespider|facebookexternalhit|YisouSpider|SemrushBot|AhrefsBot|bingbot|PetalBot|DotBot|meta-externalagent|Barkrowler|AwarioSmartBot|ClaudeBot|GPTBot|Applebot|Baiduspider|Turnitin) [NC]
RewriteRule .* - [F,L]
# END InMotion Hosting Block Bots
RewriteOptions inherit
# Begin IP blocking #
Order Allow,Deny
Deny from 86.121.6.10
Allow from all
# End IP blocking #
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]added it looking like this as I think that’s right.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>I then tried just leaving the htaccess file as htaccess.bak and reloading the site and that didn’t change anything either. I’m starting to think this might not have anything to do with the htaccess file (anymore) and it’s something else that’s causing this, but I’m not sure what that could be.
Yes i was expecting it not to make a difference… I’d contact support from the hosting. Looks like it’s their firewall / mod security
Just an update. I was able to get my site back up and running after changing my security for the site. I was about to wipe it, do a fresh install and use the SQL backups to try and restore the site, but then I was seeing that the permissions should be 755. I believe my webhost had made some changes due to the amount of traffic it was getting. After setting it back to 755 everything started working again.
Thanks for the help.
I am also facing this situation. It is a headache that I have not found a solution yet. But luckily I found this article of yours! It is very helpful.