PHP/Apache Error:406 Not Acceptable
Solution 1
Your website is generating error if any user input item is starting with either http://
or https://
.
When I try with a link starting with http://
I got a 406 Not Acceptable :
http://onkore.us/?blah=http://www.google.com
It is fine when I try this :
http://onkore.us/?blah=www.google.com
You've mentioned that you are having problem if it is more than one link , but when I try with two links like below , it is being fine :
http://onkore.us/?blah1=www.google.com&blah2=www.google.com
However either you could find and fix the issue which might be specific to your server configuration or you could try a work around .
I am not sure if this workaround helps , but considering that http://
or https://
are creating the issue , what I am thinking is to remove the http://
and https://
from user input . First you might want to try changing <input type="url"
to <input type="text"
so that URL format is not enforced . Then you could use Javascript to remove occurrences of http://
and https://
from the user input in the form before submitting to server . Additionally you could remove these from the data before populating the form values .
Hope this helps .
Regex : How to remove 'http://' from a URL in JavaScript
Solution 2
This error means that for example, you are asking the server for books (And you only understand Spanish). The server only has English and German Books.
Therefore the server has your answer but it will not give it to you, because he knows you won't do anything useful or you will do something bad with it!! (like not reading the books and throwing them to people's heads, for example).
406 Not Acceptable" is an unusual status code - the most common are 200, 404, 500, 301. You only see a 406 when something is wrong with the server, usually something silly but hard to diagnose.
Also:
This general error means the request you made was detected as a potential hack attempt to the server [...]
https://billing.stablehost.com/knowledgebase/178/What-does-406-Not-Acceptable-mean.html
The most common solution for this error is related with mod_security.
1. Mod_security
ModSecurity can monitor the HTTP traffic in real time in order to detect attacks [...] it operates as a web intrusion detection tool. ModSecurity can also act immediately to prevent attacks from reaching your web applications.
This 406 error might be from mod_security as a response from a possible attack via POST, passing some url's instead of plain and normal text.
The most common solution is to disable the POST scan and mod_security filtering in htaccess:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
Also, in the terminal, execute:
sudo a2dismod security2_module
sudo service apache2 restart
To deactivate ModSecurity.
If that does not work, then edit the file
/etc/apache2/mod-security/modsecurity_crs_10_config.conf
And add a #
at the beggining of the line that has something like this:
SecDefaultAction “phase:2,log,deny,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace”
Finally, restart apache
sudo service apache2 restart
Solution 3
I have been having this problem for a while and only once in a while, so it was hard to identify.
However, after some testing I have found the mistake in my case. It may be not in yours, but if anyone is having 406 Not Acceptable error it is worth a shot.
In my case that error occured whenever posted data had 'shell:' in it, which as I would guess is interpreted wrong and error is thrown. Solution for me was to replace that string before posting it.
Related videos on Youtube
Comments
-
iam-decoder over 1 year
So I received this error today, I've narrowed it down to this issue:
My site is my musician page here. It allows people to come in and see photos of me, news, my music and events I'm playing at.
Everything was going swell, I manually input data into MySQL to have it auto-feed to the home page. Now I'm adding the control panel so I can add, edit, delete things in the database from the web.
Everything works fine except for the ability to add/edit events. I've narrowed it down to the fact that I can't input 2 URLs or I get this error. I NEED to input 2 URLs (one to view the event page, one to buy tickets) but I can't input more than 1 at a time, is there anything I can do to correct or work around this error whether in apache or my code?
<?php $specevlink = "http://facebooklink.com"; $specgigtick = "http://ticketplacelink.com"; ?> <form method="post" action="index.php?page=editgigs"> <table> <tr> <td> Event Page (Link): </td> <td style="text-align: left;"> <input type="url" name="giglink" value="<?php echo $specevlink; ?>" /> </td> </tr> <tr> <td> Event Tickets (Link): </td> <td style="text-align: left;"> <input type="url" name="gigtick" value="<?php echo $specgigtick; ?>" /> </td> </tr> </table><br /> <input type="submit" name="editgig" value="submit" /><br /> <br /> </form>
EDIT:
I'm adding the full line of code so you can see exactly what I'm using,
Here's a pic of step 1 Here's a pic of step 2
This is included into an index.php file:
<?php if(isset($_GET["page"])){ $page = $_GET["page"]; } else { $page = ""; } if($page === "editgigs"){ include ('inc/logincheck.php'); ?> <div class="label"> EDIT GIGS </div><br /> <div style="margin: 0 auto; text-align: center; width: 100%"> <form method="post" action="index.php?page=editgigs"> <?php if(!isset($_POST['selectgigs'])){ if(!isset($_POST['updgigs'])){ ?> Select one of the options below:<br /> <br /> <select name="selgigs" style="max-width: 26%;"> <?php while($gigsall_data = mysqli_fetch_array($gigsall_query)){ $gigid = stripslashes($gigsall_data['idgigs']); $gigdate = stripslashes($gigsall_data['date']); $gigname = stripslashes($gigsall_data['name']); $gigdate = date('F j, Y', strtotime($gigdate)); ?> <option value="<?php echo $gigid; ?>"> <?php echo $gigdate; ?>: <?php echo $gigname; ?> </option> <?php } ?> </select><br /><br /> <input type="submit" name="selectgigs" value="Select" /><br /> <br /> <?php } } if(isset($_POST['selectgigs'])){ $gigtoed = trim($_POST['selgigs']); $specgig_query = mysqli_query($con, "SELECT * FROM `gigs` WHERE `idgigs` = '$gigtoed'") or die(mysqli_error($con)); $specgig_data = mysqli_fetch_array($specgig_query); $specdate = stripslashes($specgig_data['date']); $specname = stripslashes($specgig_data['name']); $specevlink = stripslashes($specgig_data['evlink']); $specgigtick = stripslashes($specgig_data['ticklink']); $specnos = stripslashes($specgig_data['noshow']); if($specnos === '0'){ $noshow = ''; } else { $noshow = 'checked'; } ?> <table style="border-spacing: 5px; padding: 10px;"> <tr> <td> Past Event?: </td> <td style="text-align: left;"> <input type="checkbox" name="nos" <?php echo $noshow; ?> /> Past Event </td> </tr> <tr> <td> Date: </td> <td style="text-align: left;"> <input type="date" name="gigdate" value="<?php echo $specdate; ?>" required /> </td> </tr> <tr> <td> Name: </td> <td style="text-align: left;"> <input type="text" name="gigname" value="<?php echo $specname; ?>" required /> </td> </tr> <tr> <td> Event Page (Link): </td> <td style="text-align: left; width: 350px;"> <input type="url" name="giglink" style="width: 100%;" value="<?php echo $specevlink; ?>" /> </td> </tr> <tr> <td> Event Tickets (Link): </td> <td style="text-align: left; width: 350px;"> <input type="url" name="gigtick" style="width: 100%;" value="<?php echo $specgigtick; ?>" /> </td> </tr> </table><br /> <input type="hidden" name="gigid" value="<?php echo $gigtoed; ?>" /> <input type="submit" name="updgigs" value="Update" /><br /> <br /> <?php } if(isset($_POST['updgigs'])){ $newid = trim($_POST['gigid']); $newdate = mysqli_real_escape_string($con, trim($_POST['gigdate'])); $newname = mysqli_real_escape_string($con, trim($_POST['gigname'])); $newlink = mysqli_real_escape_string($con, trim($_POST['giglink'])); $newtick = mysqli_real_escape_string($con, trim($_POST['gigtick'])); if(isset($_POST['nos'])){ $newnoshow = mysqli_real_escape_string($con, '1'); } else { $newnoshow = mysqli_real_escape_string($con, '0'); } echo $newid.' '.$newdate.' '.$newname.' '.$newlink.' '.$newtick.' '.$newnoshow.'<br />'; /*mysqli_query($con, "UPDATE `gigs` SET `date` = '$newdate', `name` = '$newname', `evlink` = '$newlink', `ticklink` = '$newtick', `noshow` = '$newnoshow' WHERE `idgigs` = '$newid' LIMIT 1") or die(mysqli_error($con));*/ //commented for testing ?> <div style="text-align: center;"> <span class="confirm"> Successfully updated click <a href="index.php?page=events">here</a> to view it! </span> </div> <?php } ?> </form> </div> <?php }
FYI- the logincheck.php is does nothing but check if the user is logged in, if not it sends them back to the home page.
-
iam-decoder over 10 yearsyes, I implemented the answers/suggestions but it didn't work.
-
cen over 10 yearsOne possible troublemaker could be that you are sending GET and POST parameters at the same time. While it might actually work it's not a good idea to use it this way. Instead of form target "?page=editgigs" try to use a hidden input field called "editgigs".
-
-
iam-decoder over 10 yearsI use $_GET["page"]; to determine which section the page is to show, using a hidden input field and having it post to index.php isn't working. I set it to including $_POST['page'] and tried having it include that in the paging reference but still not working.
-
Tomás over 10 yearsStill the 406 error? Try this. Change
input type="url"
toinput type="text"
on the two inputs. Leave the type="hidden" as it is. -
iam-decoder over 10 yearsi've tried that as well :/ I'm working on adding all of the coding.
-
Tomás over 10 yearsDo you use apache? Go to your server and get the last apache error.
tail /var/log/apache2/error.log
. Then update your answer with the errors. -
iam-decoder over 10 yearsI'm using godaddy as my host, they don't give me direct access to the apache error logs. I'm looking for anything in the files/options in my cpanel though. I've also updated my post to include everything.
-
Tomás over 10 yearsThe code you just submitted has a missing
<?php
at the first line, right? (Just checking that that is not the reason of all the problems) -
iam-decoder over 10 yearsI added that, it's in the files im using so that's not the issue, I also tried all 3 encoding types. didn't work either :/
-
Tomás over 10 yearslook at @Uours answer, it looks like to be the solution
-
Tomás over 10 years+1 Nice work Uours. I think the only thing he can try now is to remove
https
andhttp
because theinput type="url"
toinput type="text"
has been already tried and did not work. -
Tomás over 10 yearsAlso this is related: stackoverflow.com/questions/13500686/…