Error 406

I have the latest version of the component.
The system is well protected and free from viruses.
Error 406 occurs in Chrome and Internet Explorer at 3 different sites.
But they are all on the same host.

So the conclusion is this: of the FLEXIcontent module mod_security perceived as malicious.

It is unfortunate that this occurs with FLEXIcontent, not with K2, ContentBuilder, Cobalt and other.

It is unfortunate that this occurs with FLEXIcontent, not with K2, ContentBuilder, Cobalt and other.

How is this relevant ?? at all, :shock:
i could make mod_security rules to match any web software as malicious, what would that mean ??? 10 rules to match K2, 10 rules to match ContentBuilder, etc

Maybe I was mis-understood, i ll try to be more detailed bellow

1. the problem is not with FLEXIcontent
but with a mod_security rule that make a false positive

2. the creators of mod_security describes exactly this

3. A FALSE-POSITIVE is when a matching rule wrongly matches something that was not meant to be matched,

4. Many well know software web or desktop have been matched as virus by mod_security or anti-virus programs, this is the definition of a FALSE-POSITIVE

5. Despite the fact that this is not a FLEXIcontent issue at all , but problem with a --CUSTOM-- mod_security rule installed in server, we are willing to work with you to find what is happening , but to fix what????
guess your custom mod_security rule out of million combinations ? How could that be possible?

6. We install FLEXIcontent on SHARED servers of well-known provider that hosts millions of sites, they do not have the custom mod_security rule that you have.

In short
a. it is the responsibility of the rule maker to make rules that do not create false positives !!

b. despite the above we are willing to look into this,
but please look at the logs to find the rule that was matched and ask your administrator to fix it, also if this rule is important we will try to change FC code so that it will not be matched,

it could be as simple as adding a space into our code that will prevent the rule from being matched, (and if this mod_security rule is important or very common we are willing to do it)

but please tell us the rule that was matched !!

thank you so match for taking time to read the above

Best Regards

Okay, I'll try to find a provider that causes an error in the module mod_security.
In the worst case, I will ask him to turn off the module and have a look whether the component is correctly working.

Thank ggppdk for wanting to help!

Yes but you do not need to turn off the module

e.g.
- if you have 20 rules you may turn off only 1 of them (or modify this rule to be more "smart")

- also if this rule is common or important , we are willing to examine changes to our code so that the false-positive

So it would help us (you and other that may have similar mod_security rule) to know which rule was match
please ask administrator to copy-paste and send you a few lines out of apache log that tell which rules was trigger and what text was matched

Best Regards

That is the problem that the provider can not change any of the rules. It can only disable the module completely. I would request you remove it to make sure 100% that the problem mod_security.

But I understand you! First know that there they have a rule set!

Thanks for the clarification!

Ok they cannot change the rules, OK

but they can look at the log and copy-paste the rule that was matched , and then you will tell us, and if this is common rule
we could change FLEXIcontent code so that it is not matched.

Please if possible ask them to send you the log that was matched.

e.g. if you triggered the rule at about 7:36, you could tell them the rule was trigger at about 7:36 and they will find and copy-paste the relevant log lines

Thanks