406 error Not Acceptable

More
11 years 8 months ago #33818 by grantiago
I just upgraded to FLEXIContent - 2.0 - RC9b r1601 -- on a joomla 2.5.9 site. On the first save of content, I was logged out and sent to the front end. Then I got the 406 error. I am working on my host with the issue now.
Code:
Not Acceptable An appropriate representation of the requested resource / could not be found on this server.

this is from my whm mod_security log
Code:
Access denied with code 406 (phase 2). Pattern match "\\b(\\d+) ?= ?\\1\\b|[\\'\"](\\w+)[\\'\"] ?= ?[\\'\"]\\2\\b" at REQUEST_HEADERS:Cookie. [file "/usr/local/apache/conf/modsec-imh/pcre_821.conf"] [line "11"] [id "959901"] [msg "SQL Injection Attack"] [data "0=0"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"]

any ideas? anyone else seeing this?

Please Log in or Create an account to join the conversation.

More
11 years 8 months ago #33819 by ggppdk
Replied by ggppdk on topic 406 error Not Acceptable
-- This sounds like a false-positive,
but still maybe we should find why the mod_security rule is being triggered

-- Maybe it is related to the value of a specific field

Can you do this:

1. Duplicate the Content Type of the item that caused this when saving (thus the new Content Type will have assigned the same items as the old one)

2.
a. Try to save a new item of the new Content Type , does it save?
b. Edit the new item and put in the same values as the other item that failed, does it save?

If it does not save, remove assignments of some fields of the new Content Type and try saving again, repeat until item save OR you run out of custom fields


-- Flexicontent is Free but involves a big effort on our part.
Like the our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...

Please Log in or Create an account to join the conversation.

More
11 years 8 months ago #33834 by grantiago
Replied by grantiago on topic 406 error Not Acceptable
thanks for your reply. Wow that was exciting. It Wasn't flexicontent :oops: but the coincidence of having my browser hijacked sometime in the session while I was working on flexicontent. When I hit save, mod-security on my server correctly spotted me as a sql injection attacker.

That took about 10 hours to figure that out: complete restore of the site. Complete reconfig of all the security on my server. complete reinstall and sweep of my pc and Firefox and Chrome. Funny it was trying IE that let me to see the other two browsers were hijacked.

Any way I am enjoying flexicontent. I'm just starting to see the beauty of the extension. Thanks for the great extension and fast reply.

Please Log in or Create an account to join the conversation.

More
11 years 8 months ago #33837 by ggppdk
Replied by ggppdk on topic 406 error Not Acceptable
Thanks for the feedback,

it is of great value,


-- Flexicontent is Free but involves a big effort on our part.
Like the our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...

Please Log in or Create an account to join the conversation.

More
11 years 8 months ago #33866 by grantiago
Replied by grantiago on topic 406 error Not Acceptable
406 error is Back again. It is flexicontent that is triggering mod_sec. once it triggers it blocks my browser. Not sure of how that is happening.
Code:
Access denied with code 406 (phase 2). Pattern match "\\b(\\d+) ?= ?\\1\\b|[\\'\"](\\w+)[\\'\"] ?= ?[\\'\"]\\2\\b" at REQUEST_HEADERS:Cookie. [file "/usr/local/apache/conf/modsec-imh/pcre_821.conf"] [line "11"]
this came after saving a modification in a category from the backend through flexicontent.

I will go look at that line in the .conf file later when I have time. Let me know if there is anything else you need to know.

If I turn off mod sec the site loads. Or if I uninstall and reconfigure my browser locally. ???

I can load the site from a proxy, or another browser, but not the one that triggered mod sec. ??

Please Log in or Create an account to join the conversation.

More
11 years 8 months ago #33872 by ggppdk
Replied by ggppdk on topic 406 error Not Acceptable
I see in the log,
that this rule is triggered by ( [data "0=0"] ) inside a COOKIE,
meaning in your browser there is a cookie that is containing text like this :

.... 0=0 .....

The above triggers your security rule, (Maybe a False positive or an infection in your browser)


Please do these to make sure:

1. install "web-developer" extension for Firefox
2. visit flexicontent site and visit page that triggers the mod_security rule
3. in web-developer toolbar (and while being in FLEXIcontent TAB) do "View Cookie Information"
4. Search for text 0=0
5. Do you find one or more Cookies that have the above ??

What is their name and their FULL text ???


-- Flexicontent is Free but involves a big effort on our part.
Like the our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...

Please Log in or Create an account to join the conversation.

Moderators: vistamediajoomlacornerggppdk
Time to create page: 0.987 seconds
Save
Cookies user preferences
We use cookies to ensure you to get the best experience on our website. If you decline the use of cookies, this website may not function as expected.
Accept all
Decline all
Essential
These cookies are needed to make the website work correctly. You can not disable them.
Display
Accept
Analytics
Tools used to analyze the data to measure the effectiveness of a website and to understand how it works.
Google Analytics
Accept
Decline