PHP/Apache Error:406 Not Acceptable
Question
So I received this error today, I've narrowed it down to this issue:
My site is my musician page here . It allows people to come in and see photos of me, news, my music and events I'm playing at.
Everything was going swell, I manually input data into MySQL to have it auto-feed to the home page. Now I'm adding the control panel so I can add, edit, delete things in the database from the web.
Everything works fine except for the ability to add/edit events. I've narrowed it down to the fact that I can't input 2 URLs or I get this error. I NEED to input 2 URLs (one to view the event page, one to buy tickets) but I can't input more than 1 at a time, is there anything I can do to correct or work around this error whether in apache or my code?
<?php
$specevlink = "http://facebooklink.com";
$specgigtick = "http://ticketplacelink.com";
?>
<form method="post" action="index.php?page=editgigs">
<table>
<tr>
<td>
Event Page (Link):
</td>
<td style="text-align: left;">
<input type="url" name="giglink" value="<?php echo $specevlink; ?>" />
</td>
</tr>
<tr>
<td>
Event Tickets (Link):
</td>
<td style="text-align: left;">
<input type="url" name="gigtick" value="<?php echo $specgigtick; ?>" />
</td>
</tr>
</table><br />
<input type="submit" name="editgig" value="submit" /><br />
<br />
</form>
EDIT:
I'm adding the full line of code so you can see exactly what I'm using,
Here's a pic of step 1 Here's a pic of step 2
This is included into an index.php file:
<?php
if(isset($_GET["page"])){
$page = $_GET["page"];
} else {
$page = "";
}
if($page === "editgigs"){
include ('inc/logincheck.php');
?>
<div class="label">
EDIT GIGS
</div><br />
<div style="margin: 0 auto; text-align: center; width: 100%">
<form method="post" action="index.php?page=editgigs">
<?php
if(!isset($_POST['selectgigs'])){
if(!isset($_POST['updgigs'])){
?>
Select one of the options below:<br />
<br />
<select name="selgigs" style="max-width: 26%;">
<?php
while($gigsall_data = mysqli_fetch_array($gigsall_query)){
$gigid = stripslashes($gigsall_data['idgigs']);
$gigdate = stripslashes($gigsall_data['date']);
$gigname = stripslashes($gigsall_data['name']);
$gigdate = date('F j, Y', strtotime($gigdate));
?>
<option value="<?php echo $gigid; ?>">
<?php echo $gigdate; ?>: <?php echo $gigname; ?>
</option>
<?php
}
?>
</select><br /><br />
<input type="submit" name="selectgigs" value="Select" /><br />
<br />
<?php
}
}
if(isset($_POST['selectgigs'])){
$gigtoed = trim($_POST['selgigs']);
$specgig_query = mysqli_query($con, "SELECT * FROM `gigs` WHERE `idgigs` = '$gigtoed'") or die(mysqli_error($con));
$specgig_data = mysqli_fetch_array($specgig_query);
$specdate = stripslashes($specgig_data['date']);
$specname = stripslashes($specgig_data['name']);
$specevlink = stripslashes($specgig_data['evlink']);
$specgigtick = stripslashes($specgig_data['ticklink']);
$specnos = stripslashes($specgig_data['noshow']);
if($specnos === '0'){
$noshow = '';
} else {
$noshow = 'checked';
}
?>
<table style="border-spacing: 5px; padding: 10px;">
<tr>
<td>
Past Event?:
</td>
<td style="text-align: left;">
<input type="checkbox" name="nos" <?php echo $noshow; ?> /> Past Event
</td>
</tr>
<tr>
<td>
Date:
</td>
<td style="text-align: left;">
<input type="date" name="gigdate" value="<?php echo $specdate; ?>" required />
</td>
</tr>
<tr>
<td>
Name:
</td>
<td style="text-align: left;">
<input type="text" name="gigname" value="<?php echo $specname; ?>" required />
</td>
</tr>
<tr>
<td>
Event Page (Link):
</td>
<td style="text-align: left; width: 350px;">
<input type="url" name="giglink" style="width: 100%;" value="<?php echo $specevlink; ?>" />
</td>
</tr>
<tr>
<td>
Event Tickets (Link):
</td>
<td style="text-align: left; width: 350px;">
<input type="url" name="gigtick" style="width: 100%;" value="<?php echo $specgigtick; ?>" />
</td>
</tr>
</table><br />
<input type="hidden" name="gigid" value="<?php echo $gigtoed; ?>" />
<input type="submit" name="updgigs" value="Update" /><br />
<br />
<?php
}
if(isset($_POST['updgigs'])){
$newid = trim($_POST['gigid']);
$newdate = mysqli_real_escape_string($con, trim($_POST['gigdate']));
$newname = mysqli_real_escape_string($con, trim($_POST['gigname']));
$newlink = mysqli_real_escape_string($con, trim($_POST['giglink']));
$newtick = mysqli_real_escape_string($con, trim($_POST['gigtick']));
if(isset($_POST['nos'])){
$newnoshow = mysqli_real_escape_string($con, '1');
} else {
$newnoshow = mysqli_real_escape_string($con, '0');
}
echo $newid.' '.$newdate.' '.$newname.' '.$newlink.' '.$newtick.' '.$newnoshow.'<br />';
/*mysqli_query($con, "UPDATE `gigs` SET `date` = '$newdate', `name` = '$newname', `evlink` = '$newlink', `ticklink` = '$newtick', `noshow` = '$newnoshow' WHERE `idgigs` = '$newid' LIMIT 1") or die(mysqli_error($con));*/ //commented for testing
?>
<div style="text-align: center;">
<span class="confirm">
Successfully updated click <a href="index.php?page=events">here</a> to view it!
</span>
</div>
<?php
}
?>
</form>
</div>
<?php
}
FYI- the logincheck.php is does nothing but check if the user is logged in, if not it sends them back to the home page.
3 answers
solution1
5 ACCPTED 2013-11-26 01:44:29
Your website is generating error if any user input item is starting with either http:// or https:// .
When I try with a link starting with http:// I got a 406 Not Acceptable :
http://onkore.us/?blah=http://www.google.com
It is fine when I try this :
http://onkore.us/?blah=www.google.com
You've mentioned that you are having problem if it is more than one link , but when I try with two links like below , it is being fine :
http://onkore.us/?blah1=www.google.com&blah2=www.google.com
However either you could find and fix the issue which might be specific to your server configuration or you could try a work around .
I am not sure if this workaround helps , but considering that http:// or https:// are creating the issue , what I am thinking is to remove the http:// and https:// from user input . First you might want to try changing <input type="url" to <input type="text" so that URL format is not enforced . Then you could use Javascript to remove occurrences of http:// and https:// from the user input in the form before submitting to server . Additionally you could remove these from the data before populating the form values .
Hope this helps .
solution2
4 2013-11-25 17:05:24
This error means that for example, you are asking the server for books (And you only understand Spanish). The server only has English and German Books.
Therefore the server has your answer but it will not give it to you, because he knows you won't do anything useful or you will do something bad with it!! (like not reading the books and throwing them to people's heads, for example).
406 Not Acceptable" is an unusual status code - the most common are 200, 404, 500, 301. You only see a 406 when something is wrong with the server, usually something silly but hard to diagnose.
Also:
This general error means the request you made was detected as a potential hack attempt to the server [...]
https://billing.stablehost.com/knowledgebase/178/What-does-406-Not-Acceptable-mean.html
The most common solution for this error is related with mod_security.
1. Mod_security
ModSecurity can monitor the HTTP traffic in real time in order to detect attacks [...] it operates as a web intrusion detection tool. ModSecurity can also act immediately to prevent attacks from reaching your web applications.
This 406 error might be from mod_security as a response from a possible attack via POST, passing some url's instead of plain and normal text.
The most common solution is to disable the POST scan and mod_security filtering in htaccess:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
Also, in the terminal, execute:
sudo a2dismod security2_module
sudo service apache2 restart
To deactivate ModSecurity.
If that does not work, then edit the file
/etc/apache2/mod-security/modsecurity_crs_10_config.conf
And add a # at the beggining of the line that has something like this:
SecDefaultAction “phase:2,log,deny,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace”
Finally, restart apache
sudo service apache2 restart
solution3
1 2014-04-01 12:02:10
I have been having this problem for a while and only once in a while, so it was hard to identify.
However, after some testing I have found the mistake in my case. It may be not in yours, but if anyone is having 406 Not Acceptable error it is worth a shot.
In my case that error occured whenever posted data had 'shell:' in it, which as I would guess is interpreted wrong and error is thrown. Solution for me was to replace that string before posting it.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.