Textpattern CMS

#1 2014-06-09 05:08:39

RedFox

Member

From: Netherlands

Registered: 2005-03-25

Posts: 811

Website

Error 406 Not Acceptable ... !?

I’ve just installed a fresh Txp (4.5.5) site and everytime I want to save an admin page I get this error > “An appropriate representation of the requested resource /new/textpattern/index.php could not be found on this server.”

All checks passed!

Textpattern version: 4.5.5 (r5575)
Last update: 2014-06-08 19:26:23/2014-06-08 19:22:32
Document root: /var/www/html
$path_to_site: /var/www/html/new
Textpattern path: /var/www/html/new/textpattern
Permanent link mode: section_id_title
Temporary directory path: /var/www/html/new/textpattern/tmp
Site URL: www.mariaberkhout.nl/new
PHP version: 5.3.15
GD Graphics Library: bundled (2.0.34 compatible); supported formats: GIF, JPG, PNG.
Server TZ: Europe/Amsterdam
Server local time: 2014-06-09 07:06:36
DST enabled?: 0
Automatically adjust DST setting?: 0
Time zone: Europe/Amsterdam (3600)
MySQL: 5.0.95
Locale: en_GB.UTF-8
Server: Apache
PHP server API: cgi-fcgi
RFC 2616 headers: 0
Server OS: Linux 2.6.18-308.11.1.el5
Admin-side theme: classic 4.5.5

.htaccess file contents: 
------------------------
#DirectoryIndex index.php index.html

#Options +FollowSymLinks
#Options -Indexes
#ErrorDocument 403 default

<IfModule mod_rewrite.c>
	RewriteEngine On
	#RewriteBase /relative/web/path/

	RewriteCond %{REQUEST_FILENAME} -f [OR]
	RewriteCond %{REQUEST_FILENAME} -d
	RewriteRule ^(.+) - [PT,L]

	RewriteCond %{REQUEST_URI} !=/favicon.ico
	RewriteRule ^(.*) index.php

	RewriteCond %{HTTP:Authorization}  !^$
	RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
</IfModule>

#php_value register_globals 0

# SVG
AddType image/svg+xml  svg svgz
AddEncoding gzip       svgz

#2 2014-06-09 05:26:46

RedFox

Member

From: Netherlands

Registered: 2005-03-25

Posts: 811

Website

Re: Error 406 Not Acceptable ... !?

I’ve found another thread and putting SecFilterScanPOST Off into the .htaccess file works like a charm >

.htaccess file contents: 
------------------------
#DirectoryIndex index.php index.html

#Options +FollowSymLinks
#Options -Indexes
#ErrorDocument 403 default

<IfModule mod_rewrite.c>
	RewriteEngine On
	#RewriteBase /relative/web/path/

	SecFilterScanPOST Off

	RewriteCond %{REQUEST_FILENAME} -f [OR]
	RewriteCond %{REQUEST_FILENAME} -d
	RewriteRule ^(.+) - [PT,L]

	RewriteCond %{REQUEST_URI} !=/favicon.ico
	RewriteRule ^(.*) index.php

	RewriteCond %{HTTP:Authorization}  !^$
	RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
</IfModule>

#php_value register_globals 0

# SVG
AddType image/svg+xml  svg svgz
AddEncoding gzip       svgz

Now the question is: does this do something bad with the server? Or is it ok?

#3 2014-06-15 17:00:53

ruud

Developer Emeritus

From: a galaxy far far away

Registered: 2006-06-04

Posts: 5,068

Website

Re: Error 406 Not Acceptable ... !?

It disables checking of POST requests (typically: submitting forms) in the mod_security module in Apache. If you only run into problems on the admin side, I’d recommend moving that SecFilterScanPOST to a .htaccess file in your /textpattern directory, so it’s only disabled there.

mod_security is a safety net. It catches a few things that could lead to undesirable situations if your software (i.e. textpattern + plugins) contains security holes. If you keep TXP up-to-date, that shouldn’t be much of a problem.

#4 2014-06-16 14:39:54

uli

Moderator

From: Cologne

Registered: 2006-08-15

Posts: 4,315

Re: Error 406 Not Acceptable ... !?

Just asking for my personal learning as an absolute htaccess beginner, no snootiness:

Shouldn’t that SecFilterScanPOST Off line be inside an <IfModule mod_security.c> block?

---

_{In bad weather I never leave home without wet_plugout, smd_where_used and adi_form_links}

#5 2014-06-24 20:07:02

RedFox

Member

From: Netherlands

Registered: 2005-03-25

Posts: 811

Website

Re: Error 406 Not Acceptable ... !?

Uli … I don’t know. I think Ruud knows the answer to that. Or somebody else?

Last edited by RedFox (2014-06-24 20:09:05)

#6 2014-06-25 08:38:10

gaekwad

Server grease monkey

From: People's Republic of Cornwall

Registered: 2005-11-19

Posts: 4,350

GitHub

Re: Error 406 Not Acceptable ... !?

uli wrote #281460:

Shouldn’t that SecFilterScanPOST Off line be inside an <IfModule mod_security.c> block?

That’s my understanding, yes.

---

Textpattern CMS demo – tech updates

Code is Poetry; Text is Pattern.

#7 2014-06-25 11:36:14

uli

Moderator

From: Cologne

Registered: 2006-08-15

Posts: 4,315

Re: Error 406 Not Acceptable ... !?

Thanks, Pete :)

---

_{In bad weather I never leave home without wet_plugout, smd_where_used and adi_form_links}

#8 2014-06-25 11:40:51

gaekwad

Server grease monkey

From: People's Republic of Cornwall

Registered: 2005-11-19

Posts: 4,350

GitHub

Re: Error 406 Not Acceptable ... !?

I’m not an expert, but I’m pretty sure you can restrict it to just the admin-side this way:

<IfModule mod_security.c>
<Files textpattern/index.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>
</IfModule>

I’m sure Ruud knows more about this than I do, so don’t take my word for it.

Last edited by gaekwad (2014-06-25 12:19:00)

---

Textpattern CMS demo – tech updates

Code is Poetry; Text is Pattern.

#9 2014-06-25 17:11:13

ruud

Developer Emeritus

From: a galaxy far far away

Registered: 2006-06-04

Posts: 5,068

Website

Re: Error 406 Not Acceptable ... !?

LOL… It’s not like I write Apache config files every day. Just try and see if it works :)

#10 2014-06-26 08:05:28

gaekwad

Server grease monkey

From: People's Republic of Cornwall

Registered: 2005-11-19

Posts: 4,350

GitHub

Re: Error 406 Not Acceptable ... !?

ruud wrote #281645:

It’s not like I write Apache config files every day.

I’m still certain you know more about this than I do!

---

Textpattern CMS demo – tech updates

Code is Poetry; Text is Pattern.