mod security

This article is a stub. You can help the IndieWeb wiki by expanding it.

mod_security is a web application firewall for the Apache web server.

Issues

Blocking Requests

Sometimes mod_security may block otherwise-legitimate requests. If you get an error message like:

Not Acceptable!
An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.

you will probably need to contact your hosting provider to have them change some of the security settings.

Examples

• The 'Not Acceptable!' issue has been encountered by some sites hosted on Bluehost. Jack Jamieson experienced this bug on his WordPress site while trying to use the WordPress IndieAuth plugin. As of 2019-08-06, this was resolved by Bluehost's technical support. To resolve this problem it was necessary to tell them to disable mod_security at the IndieAuth plugin endpoint URLs, which can be seen on the IndieAuth plugin settings page (example.com/wp-admin/admin.php?page=indieauth).

• The same seems to be true for any IndieAuth implementations on Bluehost regardless of if they are setup through WordPress or not. You may have to walk them through the process of how to encounter the correct error by sending them a login page in order to escalate to the right support level. AramZS (talk)

See Also

• https://chat.indieweb.org/dev/2020-01-18/1579374490093200
  • "For the sake of future searches, these where the mod_security ids they had to whitelist for brid.gy to stop returning a 406: 340157, 9009999,380122 and 340016" @techlifeweb January 18, 2020