406 error Not Acceptable

I just upgraded to FLEXIContent - 2.0 - RC9b r1601 -- on a joomla 2.5.9 site. On the first save of content, I was logged out and sent to the front end. Then I got the 406 error. I am working on my host with the issue now.
this is from my whm mod_security log
any ideas? anyone else seeing this?

-- This sounds like a false-positive,
but still maybe we should find why the mod_security rule is being triggered

-- Maybe it is related to the value of a specific field

Can you do this:

1. Duplicate the Content Type of the item that caused this when saving (thus the new Content Type will have assigned the same items as the old one)

2.
a. Try to save a new item of the new Content Type , does it save?
b. Edit the new item and put in the same values as the other item that failed, does it save?

If it does not save, remove assignments of some fields of the new Content Type and try saving again, repeat until item save OR you run out of custom fields

thanks for your reply. Wow that was exciting. It Wasn't flexicontent :oops: but the coincidence of having my browser hijacked sometime in the session while I was working on flexicontent. When I hit save, mod-security on my server correctly spotted me as a sql injection attacker.

That took about 10 hours to figure that out: complete restore of the site. Complete reconfig of all the security on my server. complete reinstall and sweep of my pc and Firefox and Chrome. Funny it was trying IE that let me to see the other two browsers were hijacked.

Any way I am enjoying flexicontent. I'm just starting to see the beauty of the extension. Thanks for the great extension and fast reply.

Thanks for the feedback,

it is of great value,

406 error is Back again. It is flexicontent that is triggering mod_sec. once it triggers it blocks my browser. Not sure of how that is happening. this came after saving a modification in a category from the backend through flexicontent.

I will go look at that line in the .conf file later when I have time. Let me know if there is anything else you need to know.

If I turn off mod sec the site loads. Or if I uninstall and reconfigure my browser locally. ???

I can load the site from a proxy, or another browser, but not the one that triggered mod sec. ??

I see in the log,
that this rule is triggered by ( [data "0=0"] ) inside a COOKIE,
meaning in your browser there is a cookie that is containing text like this :

.... 0=0 .....

The above triggers your security rule, (Maybe a False positive or an infection in your browser)


Please do these to make sure:

1. install "web-developer" extension for Firefox
2. visit flexicontent site and visit page that triggers the mod_security rule
3. in web-developer toolbar (and while being in FLEXIcontent TAB) do "View Cookie Information"
4. Search for text 0=0
5. Do you find one or more Cookies that have the above ??

What is their name and their FULL text ???