406 Not Acceptable error GET parameter issue?

BenM picture BenM · Nov 21, 2012 · Viewed 7.2k times · Source

Can anyone please tell me why the following URL returns a 406 error:

http://kolek.to/functions/remote-upload.php?url=http%3A%2F%2Fben-major.co.uk%2Fhosting%2Fbm-equipment%2Faxe-2.jpg&item_id=2

Removing the ?url= parameter seems to make everything fine:

http://kolek.to/functions/remote-upload.php?item_id=2

For your reference, the content of remote-upload.php is as follows:

<?php
require_once('../models/api.php');
$request_url = urldecode($_REQUEST['url']);
$item_id = $_REQUEST['item_id'];
echo $item_id;
?>

Answer

damoiser picture damoiser · Nov 21, 2012

I think that this is due to the security filter from your server (I see in the response header that is Apache).

In your case is Apache mod_security that is turned on by default. While you can use the following to diagnose the problem (turning the filter off should resolve the issue) by running this command on the server:

SecFilterEngine off

BUT do this only for checking if the problem is the security filter, I discourage to leave the filter off (danger of injection and spam attacks).

If you see that is the filter that is the cause of the problem, try to put your request in the whitelist: HERE you can find the guide and HERE is the main website.