Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Modsec returns some 406 triggered by the usr-agent and not because of the URL being requested. This makes Drupal return (and caching) a 404 page even for existing pages. Main issue is about subsequent requests from legitimate users to those valid URLs are receiving the cached "404" pages.
Comments
Comment #1
damien tournoud commentedIf the 406 is generated by mod_sec, Drupal probably doesn't see it, and can't do anything about it. Please elaborate on why "mod_sec returns 406 then Drupal cache a 404".
Comment #2
adminfor@inforo.com.ar commentedI'm seeing in watchdog for each: type: "Page not found" , message: "406.shtml", severity=1 and in location the corresponding URL, existent or not.
Thanks
Comment #3
adminfor@inforo.com.ar commentedComment #4
damien tournoud commentedYou should remove your custom error handler (at least for 406 pages). Requalifying this as a support request.
Comment #5
adminfor@inforo.com.ar commentedThank your Damien. Do you mean in Drupal "error-reporting" settings or apache ErrorDocument? In Drupal there is only 403 or 404.
Comment #6
damien tournoud commentedI meant Apache' ErrorDocument directive.
Comment #7
adminfor@inforo.com.ar commentedAs far as I could see the only ErrorDocument set in my installation is in .htaccess in the form "ErrorDocument 404 /index.php".
Nothing special for 406's
thanks
Gustavo
Comment #8
adminfor@inforo.com.ar commentedFor the meanwhile, I have turned off modsec because is not possible to avoid impact Drupal's cache
Comment #9
dpearcefl commentedConsidering the time elapsed between now and the last comment plus the fact that D5 is no longer supported, I am closing this ticket.