406 error Not Acceptable

More
11 years 8 months ago #33924 by grantiago
Replied by grantiago on topic 406 error Not Acceptable
I'm not sure about an infection on my pc. If something is infected, it is well hidden. I will scan again and look around as well.

As anyone would, before letting an expert see the sloppy install on my test site, :oops: I scrambled around late last night and did some site-wide cleanup: turned off seo, deleted a bunch of trashed menu items, categories, joomla demo stuff. Rebuilt all the trees. Cleaned up the htaccess file and removed a bunch of unused plugins from the files and db.

This morning I noticed a new version of flexicontent com. So that was wiped and installed as well. not the db however. I too was having a hard time getting mod sec to trigger last night. I did, but, got in a bunch of saves and modifies before triggering the 406 warning.

I have some other pressing work this morning and will see if I can get the error to go again tonight.

One thing I noticed last night. The cookies that were triggering the 406 were "jpanesliders_panel-sliders" when I deleted those, I could get the page to load without turning of mod security. The value was always 0 not 0:0. Any ideas on what is generating those cookies? Almost everytime I save in the frontend it adds a jpanesliders_plugin-sliders-81, jpanesliders_plugin-sliders-82, etc. I currently have 6 jpane xx cookies. I am thinking that I'm going to reach a limit and trigger mod sec. But I have to go now.

Thanks for all your help.

Please Log in or Create an account to join the conversation.

More
11 years 8 months ago #33926 by ggppdk
Replied by ggppdk on topic 406 error Not Acceptable
Do you have a specific page that is triggering this mod_security Rule, or is it more random?


-- Flexicontent is Free but involves a big effort on our part.
Like the our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...

Please Log in or Create an account to join the conversation.

More
11 years 8 months ago #33930 by grantiago
Replied by grantiago on topic 406 error Not Acceptable
Random. The cookies don't stack up in the frontend if I continue saving the same item. There are only three entries, so I just cycle through them. It seems every different edit adds another cookie. I did quite a bit of editing this morning and no 406.

Yesterday it triggered on editing a category in the backend and every edit on frontend items.

Please Log in or Create an account to join the conversation.

More
11 years 8 months ago #33941 by ggppdk
Replied by ggppdk on topic 406 error Not Acceptable
Ok , if you start getting it again, please post back here , we are always interested in such reports

Regards


-- Flexicontent is Free but involves a big effort on our part.
Like the our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...

Please Log in or Create an account to join the conversation.

More
11 years 7 months ago #34944 by grantiago
Replied by grantiago on topic 406 error Not Acceptable
I am still getting the 406 error. I have a fresh install of windows7 64bit on my pc with only chrome, firefox ie10, ultra edit, office, ccleaner.

I have an absolutely clean install of joomla 2.5.9 and v2.0.0 of flexicontent.

what seems to trigger the 406 error is when trying to add a tag to a new article it gives a popup dialog

Failed to add tag


then the 406 starts.

from my error log :

administrator/index.php?option=com_flexicontent&controller=items&task=items.add&typeid=1&xxxxxxxxxx=1
[Mon Mar 25 06:48:45 2013] [error] [client me] File does not exist:


and from mod sec:

Access denied with code 406 (phase 2). Pattern match "\\b(\\d+) ?= ?\\1\\b|[\\'\"](\\w+)[\\'\"] ?= ?[\\'\"]\\2\\b" at REQUEST_HEADERS:Cookie. [file "/usr/local/apache/conf/modsec-imh/pcre_821.conf"] [line "11"] [id "959901"] [msg "SQL Injection Attack"] [data "0=0"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"]

Please Log in or Create an account to join the conversation.

More
11 years 7 months ago #34951 by grantiago
Replied by grantiago on topic 406 error Not Acceptable
Whoops I'm not sure about the tags creating the problem. But it is related. It seems every time I add an article joomla or flexi is adding three cookies.

Name jpanesliders_permissions-sliderscom_flexicontent
Value 0
Host x.com
Path /
Expires At end of session
Secure No
HttpOnly No

Name jpanesliders_plugin-sliders-90
Value 0
Host x.com
Path /
Expires At end of session
Secure No
HttpOnly No

Name jpanesliders_template-sliders-90
Value 0
Host x.com
Path /
Expires At end of session
Secure No
HttpOnly No

At this point the article will save without triggering mod sec. On creating a second article, three new cookies are added and the problem starts. If I delete the old cookies it doesn't trigger mod sec. But with the new cookies the tag failed popup is triggered. At this point I have to delete all cookies except the joomla session or it will trigger mod sec. Does the tag field have a relationship to one of the cookies? That is my uneducated guess.

Since new cookies are generated on each create or save perhaps they should be set to expire on save? Hope I made myself clear. :cry:

Please Log in or Create an account to join the conversation.

Moderators: vistamediajoomlacornerggppdk
Time to create page: 0.360 seconds
Save
Cookies user preferences
We use cookies to ensure you to get the best experience on our website. If you decline the use of cookies, this website may not function as expected.
Accept all
Decline all
Essential
These cookies are needed to make the website work correctly. You can not disable them.
Display
Accept
Analytics
Tools used to analyze the data to measure the effectiveness of a website and to understand how it works.
Google Analytics
Accept
Decline