Hi all, hopefully someone will know about this, but I have searched and searched and found nothing.
Basically, recently I set up PayPal to send the buyer back to my receipt page so that it would fire the receipt email to me. When I tested it, everything works fine, the email gets sent, the receipt page shows, but when I then navigate back to my website, it keeps throwing the following error:
Not Acceptable
An appropriate representation of the requested resource /cgi-bin/ca000001.pl could not be found on this server.
Additionally, a 406 Not Acceptable error was encountered while trying to use an ErrorDocument to handle the request.
I contacted the webhost and they say there is nothing that they can do and it is a problem with my script. They are getting this in the error log at their end.
Code:
[Thu Oct 08 17:54:30 2015] [error] [client 86.30.4.135] File does not exist: /home//public_html/406.shtml, referer: http://www.mysite.co.uk/
[Thu Oct 08 17:54:37 2015] [error] [client 86.30.4.135] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\\\b(\\\\d+) ?= ?\\\\1\\\\b|[\\\\'\\"](\\\\w+)[\\\\'\\"] ?= ?[\\\\'\\"]\\\\2\\\\b" at REQUEST_HEADERS:Cookie. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "151"] [id "1234123413"] [msg "SQL Injection Attack"] [data "1=1"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [hostname "www.mysite.co.uk"] [uri "/cgi-bin/st000001.pl"] [unique_id "VhafzcH@0j4AAEv-OrwAAADQ"]
Here is part of their email back to me -
This is assuming that this is you testing from an IP address belonging to Virgin/NTL rather than an actual hacker attempting to break the site. Other IP addresses cropping up in the log are from Sweden, The Netherlands, BSkyB and Korea. However, I think I'm on the right track with the Virgin/NTL address as it crops up several times with the same reference.
This appears to be cookie related and I suspect that if you re-code what you've written, it will stop looking like a hacker attempting to gain access to the site and will start working correctly. Unfortunately, there's very little other help that I can offer with this as the ModSecurity rule throwing up the error is quite well established and not something we can consider removing.
Don't know if this makes sense to someone, but I literally don't have a clue where to start.
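The log entry above names the inspected variable (REQUEST_HEADERS:Cookie) and the matched data (1=1). As an added example, not part of the original post, this Python script reads those fields from the entry and reports which cookie in a Cookie header the logged pattern would flag. The unescaped pattern is a reading of the log's escaped form (an assumption), and the cookie names in the sample header are hypothetical.

```python
import re

# Rule pattern as read from the log entry above with the log's extra
# backslash escaping removed (an assumption about the original rule text).
RULE = re.compile(r"""\b(\d+) ?= ?\1\b|['"](\w+)['"] ?= ?['"]\2\b""")

# Bracketed [key "value"] fields of a ModSecurity error-log entry.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

# Excerpt of the entry quoted in the post (pattern portion omitted).
LOG_EXCERPT = ('ModSecurity: Access denied with code 406 (phase 2). '
               'Pattern match "..." at REQUEST_HEADERS:Cookie. '
               '[id "1234123413"] [msg "SQL Injection Attack"] [data "1=1"] '
               '[uri "/cgi-bin/st000001.pl"]')

def parse_entry(entry):
    """Return the inspected variable and the bracketed fields of an entry."""
    target = re.search(r"\bat ([A-Z_]+(?::[\w-]+)?)\.", entry)
    fields = dict(FIELD.findall(entry))
    fields["target"] = target.group(1) if target else None
    return fields

def find_triggers(cookie_header):
    """List (cookie name, matched text) for each cookie the rule would flag."""
    hits = []
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        m = RULE.search(f"{name}={value}")
        if m:
            hits.append((name, m.group(0)))
    return hits

if __name__ == "__main__":
    info = parse_entry(LOG_EXCERPT)
    print(info["target"], info["id"], info["data"])
    # Constructed Cookie header; the cookie names are hypothetical.
    sample = 'session=abc123; step=1=1; theme=dark'
    for name, text in find_triggers(sample):
        print(f"cookie {name!r} matches the rule on {text!r}")
```

Running it against the Cookie header the browser actually sends after the PayPal return shows which cookie the script needs to set differently.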