Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
406 Not Acceptable #630
I have the following issue with the below page -> has now made account 406
Futher to this issue I have tried again and had the same issue as above, but now I am getting data in the error log:
ModSecurity: Access denied with code 406 (phase 2). Pattern match "\b(?:(?:s(?:ys(?:(?:(?:process|tabl)e|filegroup|object)s|c(?:o(?:nstraint|lumn)s|at)|dba|ibm)|ubstr(?:ing)?)|user_(?:(?:(?:constrain|objec)t|tab(?:column|le)|ind_column|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object(?:(?:nam|typ)e|id)| ..." at REQUEST_HEADERS:Cookie. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "88"] [id "959904"] [msg "Blind SQL Injection Attack"] [data "user_password"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [hostname "www.domain.co.nz"] [uri "/home/domain/public_html/"] [unique_id "-eON6W9B4z0AAG-7R4AAAAAV"]
referenced this issue
Oct 5, 2012
I've been troubleshooting this problem for installs on a stock WHM/cPanel server running Cent OS 6.2, with LFD and CSF firewall installed. It seems this is the one of the few more known content management systems that cannot be installed on our system.
I find the attitude of Phil Sturgeon on this topic a great example why PyroCMS should NOT be used. I've been forced to write another content management system because they all seem to have some strange problem or design flaw that is grossly overlooked.
For a paid product, this product needs to work in stock environments. If not, then it needs to be known that it cannot run on a server with basic mod_security setup.