phpdevshell team mailing list archive

Thread
Date

[Bug 708935] Re: 406 Access Error (cookies?) with v3RC1

To: phpdevshell@xxxxxxxxxxxxxxxxxxx
From: jsherk <708935@xxxxxxxxxxxxxxxxxx>
Date: Fri, 28 Jan 2011 00:58:33 -0000
Reply-to: Bug 708935 <708935@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Ok, this does NOT appear to be related (that I can tell) to the .cookie
issue! Here is the apache log report:

[Thu Jan 27 17:38:00 2011] [error] [client 11.111.111.111] ModSecurity:
Access denied with code 406 (phase 2). Pattern match "\\b(\\d+) ?=
?\\1\\b|[\\'"](\\w+)[\\'"] ?= ?[\\'"]\\2\\b" at REQUEST_HEADERS:Cookie.
[file "/usr/local/apache/conf/modsec2.user.conf"] [line "101"] [id
"959901"] [msg "SQL Injection Attack"] [data "1=1"] [severity
"CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [hostname "mydomain.com"]
[uri "/phpds/index.php"] [unique_id "TUIB2EpW6YIAABOm6z8AAAAT"]

-- 
You received this bug notification because you are a member of
PHPDevShell, which is subscribed to PHPDevShell.
https://bugs.launchpad.net/bugs/708935

Title:
  406 Access Error (cookies?) with v3RC1

Status in Open Source PHP RAD Framework with UI.:
  New

Bug description:
  There was a previous bug reported that was affecting the tabs on the
  admin screen and where I was getting a 406 error and it turned out to
  be mod_rewrite blocking a cookie file with .cookie in the name.

  Although I am having no problem with the tabs, I am getting a 406
  error under certain circumstances, specifically when trying to save
  settings from the System Settings tab. Once I get the error, I cannot
  access phpds at all, until I clear all the cookies, at which time I
  have access again.

  I will try to pinpoint the file that is causing the problem! Anymore
  .cookie files anywhere?

  Thanks

References

[Bug 708935] [NEW] 406 Access Error (cookies?) with v3RC1
From: jsherk, 2011-01-27