What is the 406 Error?

406 error - Not acceptableWeb browsers make a request for information from the server. When this happens, it sends an Accept header. This tells the server in what formats the browser can accept the data. If the server cannot send data in a format requested in the Accept header, the server sends the 406 Not Acceptable error.

The error can also be generated by the mod_security module. Mod_security, a type of firewall program that runs on Apache web server, scans for violations of the rules it has set. If an action occurs that violates one of these rules, the server will throw a 406 error.

What caused this error on my site?

In regards to a site on your hosting account, the cause of the 406 error is usually due to a mod_security rule on the server. Mod_security is a security module in the Apache web server that is enabled by default on all hosting accounts. If a site, page, or function violates one of these rules, server may send the 406 Not Acceptable error.

How can I prevent it?

406 error - Not acceptableMod_security can be turned off. You can also disable specific ModSecurity rules or disable ModSecurity for each domain individually. If you would like mod_security disabled you can disable mod_security via our Modsec manager plugin in cPanel.

Note! You may not have the option to enable or disable mod_security in your cPanel on VPS or Dedicated servers. To disable mod_security on accounts that don't have the option in cPanel, you will need to use command line via SSH or contact tech support to disable/enable it for you.

Alternatively, if you only need certain select rules disabled instead of having it turned off for an entire domain, you can email support@inmotionhosting.com to do so. If you send an email, for verification purposes please provide us with the original cPanel password, the current AMP password, or the last four digits of the current credit card on file.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question
n/a Points
2014-03-13 7:39 am

I'm facing this error on one of my website > <a href="http://www.coupontray.com/">Coupontray</a> . I have submitted the issue to support team but it is still not resolved.

Staff
8,426 Points
2014-03-13 8:16 am
As stated in the article, this is caused by issues within your code that are flagging mod_security as insecure. You could either resolve the insecurity within your code, or turn mod_security off. Of course, fixing the issue is the best solution as turning mod_security off could open that potentially insecure page up to malicious attacks on your site.
n/a Points
2014-03-13 8:49 am

Everyting was fine in the code untill 9th March. I disabled Mod_Sec but the issue was not resolved. Please check ticket id 1744538 .

Staff
8,426 Points
2014-03-13 8:52 am
Unfortunately, I am unable to provide any account-specific information via this public message board. If you have an open ticket with support, I recommend waiting for a response from our technical support team.
n/a Points
2014-03-13 8:58 am

Well I'm waiting for more than one day without any positive feedback.

Staff
8,426 Points
2014-03-13 9:04 am
I do see that your ticket is still open with a higher tier of support. They will be getting back to you as soon as possible. Thank you for your patience.
n/a Points
2014-04-12 1:36 pm

The same thing happened to me to and around the same date.  I don't want to disable mod sec because it may open my site up to any more potential problems.

Staff
8,426 Points
2014-04-14 8:24 am
Any insecure code on your site can indeed flag mod_security. If you do not want to disable mod_security, you will need to locate the problematic code and adjust it accordingly. For more information on what may be flagging mod_security, you may review your Apache error logs from within cPanel for any related errors.
n/a Points
2014-07-07 6:11 pm

Hi im using an iphone 4. Receiving server code 406 while trying to access anything that need internet how do i fix this please

Staff
16,680 Points
2014-07-07 6:25 pm
Hello Robert,

I'm sorry to hear that you're having problems with a Mod security error. In general, the 406 error is occurring because something is trying to be accessed that the server is not allowing. As per the article above, you can disable the Mod-security, but it's not typically recommended. You state that you're having the problem accessing "anything that need internet". That's a very general statement. You will need to help narrow down the problem. Have you tried to access your website through a computer (not the iPhone)? Also, WHAT are you trying to access? You have not provided any website information, so it makes it very difficult for us to try to help you. Can you provide us any specific information such as your website or any error messages? This would help us to isolate the problem and troubleshoot the matter for you.

Regards,
Arnel C.

n/a Points
2014-08-07 4:50 pm

Hi There,

I am receiving a 406 when trying to access a php from an arduino. 

It has been working from days until '2014-07-08 19:20:00 UTC'.

I am able to access from a computer and cell phone, but not from the arduino, I always get a 406.

I have already disabled mod_security.

What else could I do?

Thanks

Staff
8,426 Points
2014-08-07 4:54 pm
This is most likely caused by the user agent that is being sent from the Arduino. My best advice would be to change the user agent so that it appears as it if were a normal desktop user.
n/a Points
2014-08-07 5:00 pm

I didn't change anything on the arduino code, I didn't even restarted since this starting ocurring.

Why is it now showing 406 and not before?

Staff
18,373 Points
2014-08-07 7:01 pm
Hello Leandro,

If you have already disabled the mod_security and still get the 406, you will want to contact our Live Support so they can find the specific cause of your error.

Kindest Regards,
Scott M
n/a Points
2014-08-08 8:25 am

Thank you Jeff, changing the user agent solved the issue.

n/a Points
2014-08-28 10:20 am

I found that if I used the words "drop" and "from" in a text I want to enter into the database the server throws a 406 error. For instance, the phrase "I had to drop him from the class roster" threw a 406 error, when I tried to add that text. However, if I changed it to "I had to remove him from the class roster" it went through just fine. The mod_security rules involved can sometimes be a little onerous.

n/a Points
2014-08-28 10:25 am
Show a way to disable mod_security2 for specific domains, or at least show how to disable some of the onerous rules that are causing the problems.
Staff
8,426 Points
2014-08-28 10:32 am
Unfortunately, it is only possible to disable mode_security across the cPanel account within a shared hosting environment. If you are on a VPS or dedicated server, we can indeed disable specific rules for you and make more custom changes.
n/a Points
2014-08-28 9:33 pm

I suppose I can tell all my clients to drop your hosting service and go to one that is not using mod_security2, which is now causing quite a few problems with various CMS programs (Wordpress, Drupal, and various others). Maybe they should choose a web host who wants to help the customer instead of actively not trying to help them with their problems. Mod_security2 is wreaking hell and all you can say is "sorry, we can't help you. You're on a shared hosting account." I know for a fact there is a way to disable this for each domain, even with a shared hosting account. All you have to do is look at the procedures available online by Googling "disable mod_security2 for a domain."

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

19 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!