HTTP Error 406 Not acceptable by Disable ModSecurity in cPanel

A client (e.g. your Web browser or our CheckUpDown robot) can indicate to the Web server (running the Web site) the characteristics of the data it will accept back from the Web server. This is done using 'accept headers' of the following types:

Accept: The MIME types accepted by the client. For example, a browser may only accept back types of data (HTML files, GIF files etc.) it knows how to process.

Accept-Charset: The character sets accepted by the client.

Accept-Encoding: The data encoding accepted by the client e.g. the file formats it understands.

Accept-Language: The natural languages (English, German etc.) accepted by the client.

Accept-Ranges: Whether the client accepts ranges of bytes from the resource i.e. a portion of the resource.

If the Web server detects that the data it wants to return is not acceptable to the client, it returns a header containing the 406 error code. (Last updated: March 2012).

Fixing 406 errors - general

This error occurs very infrequently in Web browsers, because most browsers will accept any data returned from the Web server.

If the client is not a Web browser, then anyone can only investigate the problem by looking at the Accept headers generated by the client system and the data stream returned by the Web server. If you do not have access to the source code for these systems, the only thing you can do is refer the problem to technical support people at the companies that developed the systems.

Fixing 406 errors - CheckUpDown

Our service monitors your site for HTTP errors like 406. This error should simply never occur in your CheckUpDown account. If it does, it typically indicates defective programming of our systems or of the Web server which manages the site. We do not use accept headers at all, so there is no reason for the Web server to generate a 406 error.

Please contact us (email preferred) whenever you encounter 406 errors - there is nothing you can do to sort them out. We then have to liaise with your ISP and the vendor of the Web server software to agree the exact reason for the error.

406 errors in the HTTP cycle

Any client (e.g. your Web browser or our CheckUpDown robot) goes through the following cycle when it communicates with the Web server:

Obtain an IP address from the IP name of the site (the site URL without the leading 'http://'). This lookup (conversion of IP name to IP address) is provided by domain name servers (DNSs).

Open an IP socket connection to that IP address.

Write an HTTP data stream through that socket.

Receive an HTTP data stream back from the Web server in response. This data stream contains status codes whose values are determined by the HTTP protocol. Parse this data stream for status codes and other useful information.

This error occurs in the final step above when the client receives an HTTP status code that it recognises as '406'.

In this article, we will discuss how you can disable ModSecurity through your cPanel account. ModSecurity is an important apache module that protects your site from possible hacks, and, thus, it is enabled on all new accounts by default.

However, in the course of development you may encounter a situation, like a 406 -- Not Acceptable, error in which you must disable ModSecurity. Follow along with the steps below to see how you can disable ModSecurity for individual domains or all domains on your cPanel account.

Disable ModSecurity for Individual Domains

Log into cPanel