406 error Not Acceptable

I just upgraded to FLEXIContent - 2.0 - RC9b r1601 -- on a joomla 2.5.9 site. On the first save of content, I was logged out and sent to the front end. Then I got the 406 error. I am working on my host with the issue now.
this is from my whm mod_security log
any ideas? anyone else seeing this?

-- This sounds like a false-positive,
but still maybe we should find why the mod_security rule is being triggered

-- Maybe it is related to the value of a specific field

Can you do this:

1. Duplicate the Content Type of the item that caused this when saving (thus the new Content Type will have assigned the same items as the old one)

2.
a. Try to save a new item of the new Content Type , does it save?
b. Edit the new item and put in the same values as the other item that failed, does it save?

If it does not save, remove assignments of some fields of the new Content Type and try saving again, repeat until item save OR you run out of custom fields

thanks for your reply. Wow that was exciting. It Wasn't flexicontent :oops: but the coincidence of having my browser hijacked sometime in the session while I was working on flexicontent. When I hit save, mod-security on my server correctly spotted me as a sql injection attacker.

That took about 10 hours to figure that out: complete restore of the site. Complete reconfig of all the security on my server. complete reinstall and sweep of my pc and Firefox and Chrome. Funny it was trying IE that let me to see the other two browsers were hijacked.

Any way I am enjoying flexicontent. I'm just starting to see the beauty of the extension. Thanks for the great extension and fast reply.

Thanks for the feedback,

it is of great value,

406 error is Back again. It is flexicontent that is triggering mod_sec. once it triggers it blocks my browser. Not sure of how that is happening. this came after saving a modification in a category from the backend through flexicontent.

I will go look at that line in the .conf file later when I have time. Let me know if there is anything else you need to know.

If I turn off mod sec the site loads. Or if I uninstall and reconfigure my browser locally. ???

I can load the site from a proxy, or another browser, but not the one that triggered mod sec. ??

I see in the log,
that this rule is triggered by ( [data "0=0"] ) inside a COOKIE,
meaning in your browser there is a cookie that is containing text like this :

.... 0=0 .....

The above triggers your security rule, (Maybe a False positive or an infection in your browser)


Please do these to make sure:

1. install "web-developer" extension for Firefox
2. visit flexicontent site and visit page that triggers the mod_security rule
3. in web-developer toolbar (and while being in FLEXIcontent TAB) do "View Cookie Information"
4. Search for text 0=0
5. Do you find one or more Cookies that have the above ??

What is their name and their FULL text ???

.
EDIT: ggppdk, you posted before me while I was writing


This may or may not have anything to do with FLEXIcontent.

In your first post the error message appears to tell us this is an issue with a cookie,
and that the cookie contains 0=0 ( [data "0=0"] ).
Apparently the mod_sec rule does not like that pattern of data.

A search on the internet for that error code reveals the same or similar error messages with many types of websites - including Joomla, WordPress, ecommerce, others CMSs, etc.
So this could also be an issue with a browser hijack, a bad browser plug-in, an infection on your system, etc., etc.

There were some other examples found in my search where a cookie with "1=1" triggered the rule.

The cookie could come from a number of different sources.
Joomla, Joomla extension, JavaScript, browser plug-in, etc. ...

Need to look at the contents the cookies for that website on your system.
Then it may be possible to tell if this has anything to do with FLEXIcontent.

.

Thanks for the input. Now a couple hours later, I can't seem to get the mod-security to kick in. I am suspecting an infection on my pc.
I ran spybot s&d (removed a bunch of tracking cookies. Ran hijack this and removed a bunch of BHOs. Of course, I did that yesterday as well. But didn't remove so many BHOs. Today I removed a mystery startup process in the task manager as well.
The firefox extensions I have installed are:

firebug
download status bar
google voice.
google disconnect.(disabled)

I installed the web dev plugin: No cookies showing the 0:0 now!?

The site is simply for testing flexicont and only a few components (flexi, jce, xmap) and plugins are installed. The plugins I have been trying in flexi are googlemaps by mike reumer and sigplus from levante h. I was working on triggering the plugins in a field as well as tweaking the templates when this started.
In addition, rizvn login module and Brute Force Stop plugin by bernhard f and cache cleaner by peter vw. I have gotten the 406 with these disabled and enabled.

rockettheme theme -- fracture.

Thanks for your support. Ken I have watched your posts on joomla for years. Seeing your presence here adds to this project as well! thanks!! Excuse me for going on, but I want to be thorough.

Just getting ready to shut down and hit save and return in the front end and got a 404 error with this in the url bar ...//mysite.com/http%3A%2F%2Fmysite.com%2F :evil: obfuscating the site as I don't want a bunch of people pounding it. send a pm if you want a login.

Then thought I would test trying to add a new item in the backend got the 406. :evil:

No 0:0 in the cookies and nothing showing yet in my whm mod sec log.

If I disable mod sec. the site to loads
Re enable mod sec and remove all cookies the site to loads.

Yes you can send a PM to me