New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

406 Not Acceptable #630

Closed
jzmwebdevelopment opened this Issue Jul 27, 2011 · 5 comments

Comments

Projects
None yet
4 participants
@jzmwebdevelopment

jzmwebdevelopment commented Jul 27, 2011

I have the following issue with the below page -> has now made account 406

--eec82042-A--
[27/Jul/2011:16:05:44 +1200] KY5J2W9B4z0AAF7NQyEAAAAK 118.92.113.161 49667 111.$
--eec82042-B--
GET /installer/index.php/installer/complete HTTP/1.1
Host: www.domain.co.nz
Connection: keep-alive
Referer: http://www.Domain.co.nz/installer/index.php/installer/step_4
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_2) AppleWebKit/534.30 ($
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie:

--eec82042-F--
HTTP/1.1 406 Not Acceptable
Content-Length: 408
Keep-Alive: timeout=5, max=99

@jerel

This comment has been minimized.

Member

jerel commented Jul 27, 2011

Can you give any more information about what Pyro does or doesn't do when you get this error? 406 errors are quite rare and from what I've seen are usually server misconfigurations

@jzmwebdevelopment

This comment has been minimized.

jzmwebdevelopment commented Jul 28, 2011

I have tried again but my pyrocms install did not see the stylesheet for the default theme (files are there), I also got a 404 with the page after you click install -> I think this is where you pick where to go?. Strange

@jzmwebdevelopment

This comment has been minimized.

jzmwebdevelopment commented Jul 29, 2011

Futher to this issue I have tried again and had the same issue as above, but now I am getting data in the error log:

ModSecurity: Access denied with code 406 (phase 2). Pattern match "\b(?:(?:s(?:ys(?:(?:(?:process|tabl)e|filegroup|object)s|c(?:o(?:nstraint|lumn)s|at)|dba|ibm)|ubstr(?:ing)?)|user_(?:(?:(?:constrain|objec)t|tab(?:column|le)|ind_column|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object(?:(?:nam|typ)e|id)| ..." at REQUEST_HEADERS:Cookie. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "88"] [id "959904"] [msg "Blind SQL Injection Attack"] [data "user_password"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [hostname "www.domain.co.nz"] [uri "/home/domain/public_html/"] [unique_id "-eON6W9B4z0AAG-7R4AAAAAV"]

@philsturgeon

This comment has been minimized.

Member

philsturgeon commented Oct 4, 2011

I'd look for help with mod_security, this does not seem like a pyro fault.

@ghost

This comment has been minimized.

ghost commented Jun 8, 2013

I've been troubleshooting this problem for installs on a stock WHM/cPanel server running Cent OS 6.2, with LFD and CSF firewall installed. It seems this is the one of the few more known content management systems that cannot be installed on our system.

I find the attitude of Phil Sturgeon on this topic a great example why PyroCMS should NOT be used. I've been forced to write another content management system because they all seem to have some strange problem or design flaw that is grossly overlooked.

For a paid product, this product needs to work in stock environments. If not, then it needs to be known that it cannot run on a server with basic mod_security setup.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment