332 Posts
Kenneth
10 years ago
6
Topic

Hello,

I've added a Free text field to a form and when I push the "Editor" button in this fields settings I get this error message:

Not Acceptable 

An appropriate representation of the requested resource /administrator/index.php could not be found on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I do have Admin tools installed on this site, but I've turned of the plugin and this error still is prevailent. 

Get a Book for SEBLOD
4229 Posts
Kadministrator
10 years ago
0
Level 1

Hi,

as you deactivated admin tools I presume this msut be some protection system on your server, I can't replicate this on my test site.

332 Posts
Kenneth
10 years ago
0
Level 1

Hm, okay. Maybe it's controlled by .htaccess file? 

I've got to solve it somehow, and will post back if I'm successful. I guess I'm not the only one using admin tools.

332 Posts
Kenneth
10 years ago
0
Level 1

I removed .htaccess, unplugged admin tools and find this in my errorlog:

[Thu Dec 18 22:15:13 2014] [error] [client 109.247.60.149] File does not exist: /home/grundev/public_html/406.shtml, referer: http://****/administrator/index.php?option=com_cck&view=field&tmpl=component&layout=edit

332 Posts
Kenneth
10 years ago
2
Level 1

I also got this from mod_security:

[Thu Dec 18 22:20:19 2014] [error] [client 109.247.****] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\\\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:params. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "18"] [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [hostname "*****.no"] [uri "/administrator/index.php"] [unique_id "VJNTI9RxjV0AAEYiW64AAAAR"]

4229 Posts
Kadministrator
10 years ago
1
Level 2

As you found out htis is mod_security that is blocking your request, you will need to ask your hosting provider to make an exception in the rules.

332 Posts
Kenneth
10 years ago
0
Level 3

Yes, I got them to add an whitelist for that rule.

BTW, is this an item for the tracker? Mod_security is kind of important to have up and running, isn't it?

Get a Book for SEBLOD