Not Acceptable! Error

Hi
When I create a new quote it gives me an error; it works fine for contact, account, lead and other modules.
I have checked file permissions also, but it does not work for me.
The Error is:
Not Acceptable!
An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.

Is this in the app or are you accessing the API?

Which version are you on?

Hi pgr
I have downloaded SuiteCRM-7.11.9 from the official site and installed it on my server.

You didn’t answer about the API…

Please upgrade to the latest version, it has an htaccess fix which I believe might solve your problem.

Hi, I have had the same error message when I try to update the Description field of my Accounts, since today. I am hosted on fastcomet with PHP 7.3 and SuiteCRM version 7.11.21:

Not Acceptable

An appropriate representation of the requested resource could not be found on this server.

Additionally, a 406 Not Acceptable
error was encountered while trying to use an ErrorDocument to handle the request.

Then fastcomet resolved my issue within 13 minutes of my ticket by temporarily disabling the ModSecurity module.

Error message:

[Fri Sep 03 02:47:51.367893 2021] [:error] [pid 521542:tid 47337722349312] [client IP:door] [client IP] ModSecurity: Access denied with code 406 (phase 2). Pattern match “[\\n\\r]” at ARGS_GET:value. [file “remote server”] [line “-1”] [id “1900600”] [msg “Malware.Expert - HTTP Header Injection Attack via payload (CR/LF detected)”] [hostname “MYWEBSITE”] [uri “/MYFOLDER/index.php”] [unique_id “YTFwt-vaoAWd2dw9ChnOBgAAAUc”], referer: MWEBSITE/MYFOLDER/index.php?action=ajaxui

The current solution is to keep ModSecurity deactivated, however, I should check the website with a developer when possible, since allowing this request may leave a security vulnerability that can be used to exploit the website.

A bit drastic - The log tells you which rule is being broken. You could get away with just disabling that rule rather than all of mod_security.

If you could give us an idea of the URL that creates that error, then that would be useful in helping to identify the cause of this. Application firewalls quite rightly complain when there are new lines in the GET request!
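An added example, not part of the original thread or of SuiteCRM: it parses the ModSecurity denial quoted above and emits an exclusion that removes only the logged variable from the logged rule on the logged path, instead of switching the module off. The function names and the exclusion rule id `1000001` are placeholders, and it assumes ModSecurity 2.x, where `ctl:ruleRemoveTargetById` is available.

```python
import re

# Constructed sample: the log line from the post above with straight quotes
# restored and a documentation-range client address filled in.
SAMPLE = (
    r'[Fri Sep 03 02:47:51.367893 2021] [:error] [client 203.0.113.7:51234] '
    r'ModSecurity: Access denied with code 406 (phase 2). '
    r'Pattern match "[\\n\\r]" at ARGS_GET:value. [file "remote server"] '
    r'[line "-1"] [id "1900600"] [msg "Malware.Expert - HTTP Header Injection '
    r'Attack via payload (CR/LF detected)"] [hostname "MYWEBSITE"] '
    r'[uri "/MYFOLDER/index.php"]'
)

DENY = re.compile(r'ModSecurity: Access denied with code (\d+) '
                  r'\(phase (\d)\)\..*? at (\S+?)\. \[')
TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def parse_denial(line):
    """Return the rule id, matched variable and URI of a ModSecurity denial."""
    m = DENY.search(line)
    if not m:
        return None
    info = dict(TAG.findall(line))
    info.update(status=int(m.group(1)), phase=int(m.group(2)),
                target=m.group(3))
    return info


def scoped_exclusion(info, new_id):
    """Emit a phase-1 rule that drops one variable from one rule on one path.

    The log fields are attacker-influenced, so each is validated before it
    is written into a configuration line.
    """
    checks = {"id": r"\d+", "target": r"[A-Z_]+(:[\w.-]+)?",
              "uri": r"/[\w./-]*"}
    for key, pattern in checks.items():
        if not re.fullmatch(pattern, str(info.get(key, ""))):
            raise ValueError(f"refusing to emit config: bad {key!r} field")
    return (f'SecRule REQUEST_FILENAME "@streq {info["uri"]}" '
            f'"id:{int(new_id)},phase:1,pass,nolog,'
            f'ctl:ruleRemoveTargetById={info["id"]};{info["target"]}"')


if __name__ == "__main__":
    # 1000001 is a placeholder id for the local exclusion rule.
    print(scoped_exclusion(parse_denial(SAMPLE), 1000001))
```

With this exclusion, rule 1900600 still inspects every other parameter and every other path for CR/LF; only `ARGS_GET:value` on that one script is exempted.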

https://www.efortedigital.com/ do you need also the subfolder with the login page?

For the URL, I’d like to be able to reproduce the problem, in an environment where I can look at the log files myself.

So if I get the 406 Not Acceptable error on the URL:

https://mydomain.com/index.php?action=ajaxui#ajaxUILoc=index.php%3Fmodule%3DAccounts%26action%3Dindex%26parentTab%3DMarketing

The bit I’m interested in is the bit after the mydomain.com, and a description of what you did to get the error.

As an aside, you could also benefit from learning to manage/modify your standard mod_security OWASP application firewall rules:

is the basic set, and:
https://www.feistyduck.com/library/modsecurity-handbook-free/online/ch01-introduction.html

is a really useful online resource for learning about and dealing with this type of issue.

After upgrading to SuiteCRM version 7.11.22 I tried to re-enable ModSecurity and now it works well. If I have other issues, I will let you know! Thanks for the patience! Is that enough, or would it be better if I gave more information?

Thank you for the feedback. That’s good to hear 🙂

As long as we know that there was a problem and that upgrading fixes it, then that’s good for me. Don’t want to waste time fixing faults that no longer exist.