Announcement

Collapse
No announcement yet.

406 Not Acceptable after Receipt Page is reached

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    406 Not Acceptable after Receipt Page is reached

    Hi all, hopefully some one will know about this but I have searched and searched and found nothing,

    Basically, recently I set up paypal to send the buyer back to my receipt page so that it would fire the receipt email to me. When i tested it, everything works fine, the email gets sent, the receipt page shows but when I then navigate back to my website, it keeps throwing the following error

    Not Acceptable

    An appropriate representation of the requested resource /cgi-bin/ca000001.pl could not be found on this server.


    Additionally, a 406 Not Acceptable error was encountered while trying to use an ErrorDocument to handle the request.



    I contacted the webhost and they say there is nothing that they can do and it is a problem with my script, they are getting this in the error log at there end .



    Code:
    [Thu Oct 08 17:54:30 2015] [error] [client 86.30.4.135] File does not exist: /home//public_html/406.shtml, referer: http://www.mysite.co.uk/
    [Thu Oct 08 17:54:37 2015] [error] [client 86.30.4.135] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\\\b(\\\\d+) ?= ?\\\\1\\\\b|[\\\\'\\"](\\\\w+)[\\\\'\\"] ?= ?[\\\\'\\"]\\\\2\\\\b" at REQUEST_HEADERS:Cookie. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "151"] [id "1234123413"] [msg "SQL Injection Attack"] [data "1=1"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [hostname "www.mysite.co.uk"] [uri "/cgi-bin/st000001.pl"] [unique_id "VhafzcH@0j4AAEv-OrwAAADQ"]

    Here is part of there email back to me -

    This is assuming that this is you testing from an IP address belonging to Virgin/NTL rather than an actual hacker attempting to break the site. Other IP addresses cropping up in the log are from Sweden, The Netherlands, BSkyB and Korea. However, I think I'm on the right track with the Virgin/NTL address as it crops up several times with the same reference.

    This appears to be cookie related and I suspect that if you re-code what you've written, it will stop looking like a hacker attempting to gain access to the site and will start working correctly. Unfortunately, there's very little other help that I can offer with this as the ModSecurity rule throwing up the error is quite well established and not something we can consider removing.


    Don't know if this makes sense to someone but I literally don't have a clue where to start

    #2
    when I then navigate back to my website,
    The question that comes to my mind is how are you navigating? and what's the page you're being taken to?
    -----------------------------------------

    First Tackle - Fly Fishing and Game Angling

    -----------------------------------------

    Comment


      #3
      Yes, very good comment, should of mentioned it.

      The checkout payments go through either PayPal or Nochex, in both of the accounts I have configured each Success URL to redirect back to the cgi-bin/os0000001.pl.

      Ever since I have put this success url redirect in place, this error has became a problem.


      I am navigating back to the website by clicking go to homepage on the receipt page. Or even closing the browser and going back to my website.. this still has the same issue.

      Comment


        #4
        Silly question maybe but is your Script ID 1?
        Reusable Snore Earplugs : Sample Earplugs - Wax Earplugs - Women's Earplugs - Children's Earplugs - Music Earplugs - Sleep Masks

        Comment


          #5
          It sounds as if it could be a similar problem to this one.

          http://community.sellerdeck.com/showthread.php?t=56397

          Whatever security software they're running appears to be deciding that the request has the signature of an SQL attack and is blocking the request.

          This appears to be a false positive rather than a genuine attack. I'd say the chances of getting the host to do anything about are probably pretty slim so you might need to consider your hosting options.

          At least the good news is that the vast majority of customers will be off elsewhere after ordering. Still not great as it is though.
          -----------------------------------------

          First Tackle - Fly Fishing and Game Angling

          -----------------------------------------

          Comment


            #6
            Originally posted by guccij View Post
            Silly question maybe but is your Script ID 1?
            How do I check that?

            Comment


              #7
              Originally posted by Mike Hughes View Post
              It sounds as if it could be a similar problem to this one.

              http://community.sellerdeck.com/showthread.php?t=56397

              Whatever security software they're running appears to be deciding that the request has the signature of an SQL attack and is blocking the request.

              This appears to be a false positive rather than a genuine attack. I'd say the chances of getting the host to do anything about are probably pretty slim so you might need to consider your hosting options.

              At least the good news is that the vast majority of customers will be off elsewhere after ordering. Still not great as it is though.
              Cheers for the find,, sounds like doom and gloom then !

              Comment


                #8
                Originally posted by STSO-UK View Post
                How do I check that?
                Web - Network Setup.

                The CGI Script ID Number is on the left at the bottom of that dialog box.

                But it sounds as if Mike has identified what might lie behind your problem.
                Reusable Snore Earplugs : Sample Earplugs - Wax Earplugs - Women's Earplugs - Children's Earplugs - Music Earplugs - Sleep Masks

                Comment


                  #9
                  Originally posted by guccij View Post
                  Web - Network Setup.

                  The CGI Script ID Number is on the left at the bottom of that dialog box.

                  But it sounds as if Mike has identified what might lie behind your problem.
                  yep it is number 1

                  Comment

                  Working...
                  X