Mysterious 403, 404, 406, 500 or "Page not found" errors depending on submitted content
Last modified: April 25, 2008 - 15:18
When submitting certain words in content, you receive a 403, 404, 406, 500 or "Page not found" error message.
This behaviour is most likely caused by the Apache module mod_security. Depending on its filter settings, phrases that trip the module include
lynx, perl, mother, select from, table, cc:, and many more.
Ask your host to tone down the mod_security settings.
Alternatively you can try to add the following to .htaccess:
# Turn off mod_security filtering.
<IfModule mod_security.c>
SecFilterEngine Off
</IfModule>This will turn off filtering by mod_security.
Not all hosts will allow this, so you may need to contact your hosting provider.
ModSecurity 2
The syntax for ModSecurity2 is a little different.
# Turn off mod_security filtering.<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
For me it didn't work in the .htaccess (.htaccess: SecRuleEngine not allowed here). So, I had to turn it off from the modsec2.conf
I ran into something similar
I ran into something similar while editing a CCK content type field in a newly deployed site on a VPS hosting account. I'd get a 500 Internal Server Error whenever I tried to submit a form to change a text select field with a large set of allowed values. When I checked my logs mod_security rules 300016 and 300013 where getting false positives. Instead of removing mod_security altogether I put in an exclusion rule at the end of the mod_security configuration file. As discussed here... http://drupal.org/node/144582
I used the exclusion rule below so these wouldn't generate false positives when I was editing my content types.
#drupal exclusion rule<LocationMatch "/admin/content/node-type/*">
SecRuleRemoveById 300013
SecRuleRemoveById 300016
</LocationMatch>
Thought it might be helpful.
Multiple .htaccess?
Which .htaccess is this referring to? The one in the top of the Drupal installation folder, or the one in the "sites/default/files/" folder?
I've been trying to deal with an error that is similar to this, where it seems to happen randomly with POSTs, but adding these lines to the .htaccess in the top Drupal folder didn't have any effect. The .htaccess in sites/default/files is write-protected, so I'd like some confirmation before screwing anything up :)