When security gets in your face

Posted on Sun 02 October 2011 in Sysadmin

When I started writing that post, I kept getting HTTP 406 Not Acceptable errors from the web server as I tried to preview it or save a draft. I managed to narrow down the cause of the problem to two seemingly innocent words: test and method. Whenever my post contained “test method” (separated by a single space), I would get the error. The workaround was quite simply to use two spaces instead of one (in code snippets, this didn’t look good though).

A bit of googling suggested that Apache’s mod_security might be the culprit. A quick test script ruled out the blog software. I contacted my hosting provider, Oderland, to see if they could help me. They quickly responded that yes, it was indeed a default mod_security rule that caused the problem. After they removed the rule, I could post “test method” again. Frankly, this was quite a relief - it’s difficult to write about programming and testing without mentioning test methods!

Kudos to Oderland support staff for fixing the problem at 9 pm a Saturday evening!