/
Mod_security 403, 406 error

Mod_security 403, 406 error

Owned by Basara
Last updated: Jun 20, 2025

Problem

Mod_Security and Common Issues

Mod_Security is an Apache module designed to protect your website from various attacks. However, it can sometimes be overly aggressive, especially with certain word "patterns" found in URLs. If a requested URL on your site matches one of these patterns, Mod_Security might incorrectly block access due to a false positive.

This often leads to a range of issues, including:

  • HTTP Errors: "406 Not Acceptable," "403 Forbidden," "500 Internal Server Error," or "501 Method Not Implemented."

  • Access Denied: General forbidden access errors.

  • Login Problems.

  • Issues Adding Resources: Difficulty uploading or adding HTML resources to the Media Library.

These problems are frequently caused by misconfigured Mod_Security rules, particularly the COMODO Free ModSecurity rules, which are known for being overly aggressive.

Solution

Ask your hosting support to disable individual mod_security rules or try to disable it manually.  We strongly recommend you contact your hosting provider and work with them to resolve the server module issue.

Try adding this in a .htaccess file. Note: Most of the shared hosting providers do not allow this

<IfModule mod_security.c> SecFilterInheritance Off </IfModule>

ModSecurity, particularly COMODO WAF rule ID 211540, is known to cause false positives that can block your requests.

If you have access to your web application firewall (WAF) or ModSecurity configuration, you can resolve this by disabling rule 211540 or disabling CWAF entirely.

cwaf.png
Plesk panel example

 

 

 

Related articles





AbanteCart, all rights reserved. 2025 ©