Re: [mod-security-users] 406 Error and 506 Error.
Brought to you by:
victorhora,
zimmerletw
From: Brian R. <Bri...@br...> - 2008-12-05 22:05:15
|
Surya Sharma wrote: > My host provides me the following setup: > > Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8b > mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 > > At this link : > http://[xyz.com/index.php?page=checkout.index&payment_method_id=4&ship_to_info_id=9be78960d98c486f21531e1d01c661e9&shipping_rate_id=standard_shipping%7CUnited+States+Postal+Service%7CStandard+Shipping+%28US+Only%29%7C7.50%7C3&checkout_this_step=99&checkout_next_step=99&option=com_virtuemart&Itemid=34 > <http://xyz.com/index.php?page=checkout.index&payment_method_id=4&ship_to_info_id=9be78960d98c486f21531e1d01c661e9&shipping_rate_id=standard_shipping%7CUnited+States+Postal+Service%7CStandard+Shipping+%28US+Only%29%7C7.50%7C3&checkout_this_step=99&checkout_next_step=99&option=com_virtuemart&Itemid=34> > > I get the foll error: > > Not Acceptable > > An appropriate representation of the requested resource /index.php could > not be found on this server. > Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8b > mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 > > And have this in my error log: > > File does not exist: /home/[xyz]/public_html/404.shtml, referer: > http://[xyz.com > <http://xyz.com>].com/index.php?page=checkout.index&cartReset=N&&option=com_virtuemart&Itemid=32 > > With these from the error log: > Code: > File does not exist: /home/[xyz]/public_html/404.shtml, referer: > http://[xyz.com > <http://xyz.com>].com/index.php?page=checkout.index&cartReset=N&&option=com_virtuemart&Itemid=32 Well, that does not look like a ModSecurity issue, but that http://xyz.com>].com/index.php is not there (404 error) and you have a ErrorDocument for 404 errors pointing to /home/[xyz]/public_html/404.shtml which is also not there. > > I've tried to turn off SecFilterEngine and SecFilterScanPOST, but then I > get an Internal server error, with this from the log file: > > Code: > /home/[xyz]/public_html/.htaccess: Invalid command 'SecFilterScanPOST', > perhaps mis-spelled or defined by a module not included in the server > configuration, referer: http://xyz.com/index.php > > and > > Code: > /home/[xyz]/public_html/.htaccess: Invalid command 'SecFilterEngine', > perhaps mis-spelled or defined by a module not included in the server > configuration, referer: http://[xyz].com/index.php > > Can someone help me find the cause of the errors? You just commented out/removed the LoadModule line for ModSecurity. This module defined the 'SecFilterScanPOST' and 'SecFilterEngine' directives and thus without the module loaded, they are syntax errors. You need to remove all the ModSecurity directives (or place them within <IfModule mod_security.c> blocks). -B -- Brian Rectanus Breach Security |