406 error Not Acceptable

I'm not sure about an infection on my pc. If something is infected, it is well hidden. I will scan again and look around as well.

As anyone would, before letting an expert see the sloppy install on my test site, :oops: I scrambled around late last night and did some site-wide cleanup: turned off seo, deleted a bunch of trashed menu items, categories, joomla demo stuff. Rebuilt all the trees. Cleaned up the htaccess file and removed a bunch of unused plugins from the files and db.

This morning I noticed a new version of flexicontent com. So that was wiped and installed as well. not the db however. I too was having a hard time getting mod sec to trigger last night. I did, but, got in a bunch of saves and modifies before triggering the 406 warning.

I have some other pressing work this morning and will see if I can get the error to go again tonight.

One thing I noticed last night. The cookies that were triggering the 406 were "jpanesliders_panel-sliders" when I deleted those, I could get the page to load without turning of mod security. The value was always 0 not 0:0. Any ideas on what is generating those cookies? Almost everytime I save in the frontend it adds a jpanesliders_plugin-sliders-81, jpanesliders_plugin-sliders-82, etc. I currently have 6 jpane xx cookies. I am thinking that I'm going to reach a limit and trigger mod sec. But I have to go now.

Thanks for all your help.

Do you have a specific page that is triggering this mod_security Rule, or is it more random?

Random. The cookies don't stack up in the frontend if I continue saving the same item. There are only three entries, so I just cycle through them. It seems every different edit adds another cookie. I did quite a bit of editing this morning and no 406.

Yesterday it triggered on editing a category in the backend and every edit on frontend items.

Ok , if you start getting it again, please post back here , we are always interested in such reports

Regards

I am still getting the 406 error. I have a fresh install of windows7 64bit on my pc with only chrome, firefox ie10, ultra edit, office, ccleaner.

I have an absolutely clean install of joomla 2.5.9 and v2.0.0 of flexicontent.

what seems to trigger the 406 error is when trying to add a tag to a new article it gives a popup dialog

Failed to add tag

then the 406 starts.

from my error log :

administrator/index.php?option=com_flexicontent&controller=items&task=items.add&typeid=1&xxxxxxxxxx=1
[Mon Mar 25 06:48:45 2013] [error] [client me] File does not exist:

and from mod sec:

Access denied with code 406 (phase 2). Pattern match "\\b(\\d+) ?= ?\\1\\b|[\\'\"](\\w+)[\\'\"] ?= ?[\\'\"]\\2\\b" at REQUEST_HEADERS:Cookie. [file "/usr/local/apache/conf/modsec-imh/pcre_821.conf"] [line "11"] [id "959901"] [msg "SQL Injection Attack"] [data "0=0"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"]

Whoops I'm not sure about the tags creating the problem. But it is related. It seems every time I add an article joomla or flexi is adding three cookies.

Name jpanesliders_permissions-sliderscom_flexicontent
Value 0
Host x.com
Path /
Expires At end of session
Secure No
HttpOnly No

Name jpanesliders_plugin-sliders-90
Value 0
Host x.com
Path /
Expires At end of session
Secure No
HttpOnly No

Name jpanesliders_template-sliders-90
Value 0
Host x.com
Path /
Expires At end of session
Secure No
HttpOnly No

At this point the article will save without triggering mod sec. On creating a second article, three new cookies are added and the problem starts. If I delete the old cookies it doesn't trigger mod sec. But with the new cookies the tag failed popup is triggered. At this point I have to delete all cookies except the joomla session or it will trigger mod sec. Does the tag field have a relationship to one of the cookies? That is my uneducated guess.

Since new cookies are generated on each create or save perhaps they should be set to expire on save? Hope I made myself clear.