I've built some kind of CMS application using php and mysql. Everything has worked perfectly on localhost, so I've moved it to the web. Now I'm experiencing strange problems when someone is adding new article. Sometimes it just gets added normally, and sometimes the user get's this error:
Not Acceptable An appropriate representation of the requested resource /path_to/file.php could not be found on this server.
After some time on Google, I've found out that mod_security is blocking my script (or something like that). Is there any way that I can see why it is blocking my script?
I'm not very familiar with mod_security, but as I understand it is there to provide another level of security to web applications by enforcing some rules. So can I see which rule blocks my app so that I can fix it?
Some additional info:
/path_to/file.php (the file on which this Not Acceptable error is happening) is .php file that is used only with AJAX. I am sending it some data through POST and I'm also sending some file (pictures, text documents, etc.). File upload limit on the server is 20MB. Currently I'm sending 17 pictures (about 10MB), and it's still failing (I get Not Acceptable error). But I've also tried to send only one picture and document, and that has worked without problems.
EDIT: I am using shared host (with CPanel).
mod_security is able to log all blocks in a log file. You can see in that log file exactly what rule it was.
In most cases I use the log file as pointed out by Emil.
mod_Security creates two separate log files and also Apache reports the error in its own logs. Both can be useful. Actually, if you find the error in Apache it should give you the mod_security file and line number of the rule that prevented your POST to work.
Now, in most cases they detected an invalid header, generally something's missing that is expected by the HTTP protocol (although they test some things that are not required but are there 99.9% of the time.)
Of the two files offered by mod_security, it is not unlikely that one of them is not created: the audit file which uses a very large amount of disk space as it writes all the details of the transaction to disk.
In case of a POST, the number of variables or if a variable is not correctly defined is a common error detected by mod_security.
On Ubuntu (Debian) the log files end up under /var/log/apache2/... (Apache output) and /var/log/apache2-more/... (mod_security).
来源:https://stackoverflow.com/questions/10864238/mod-security-is-sometimes-blocking-my-ajax-script-how-can-i-find-out-why