When your visitors go to your website and they get a "406 Unacceptable" error on your site, this is most likely caused by mod_security. All our servers have mod_security enabled by default. mod_security is good to keep your site from be exploited by hackers. Below will explain mod_security.
What is mod_security?
Apache (Your web server software) comes with a module called "mod_security" that protects your website from attackers that compromise your site through the web URL's. Code can be added to the end of your web URL that can contains SQL statements. This SQL statement can delete, insert data, or do other damages to your website when mod_security is disabled. A common URL injection looks like the following:
In this case, the database table called users will be deleted from the database with the DROP statement. Servers running mod_security will flag that URL as a Hack attempt and result in a 406 Unacceptable error.
How do I work around mod_security?
If you are getting 406 errors on your site due to mod_security you can do one of the following:
- Find the Code in the URL causing the error and remove it (Sometimes Foreign languages can cause mod_security to stop the site).
- Remove the plugin / php code causing it and use a different plugin or php code.
- Disable mod_security
How do I disable mod_security?
It the event you would like to disable mod_security on your account you can disable it through your cPanel. Please see our article on Disable mod_security via cPanel Modsec Manager to learn how to do this. If for whatever reason you cannot disable mod_security from your cPanel, you can always contact tech support and our support can disable it.