Registration denied by Mod_Security

Hi, has anybody got experience with the following:

I have a membership site with three different plans, and all is going well --- except for one visitor. Whenever they have filled in all the details and click submit, the server interrupts all with the message "Not Acceptable! An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security." Screenshot:



I've got the visitor's IP so in the serverlog I just see a normal (status: 200) visit. I have other visitors registering and paying on all three plans, no problem (and no complaints). I took that visitor's data and tried to register in their name and I got the same response. They were visiting from a trusted network (University of Cambridge, actually) and I'm visiting from home. I don't think a language blacklist was triggered as I don't see accidentally tripping that*.

I'm not that clear on what Mod_Security looks out for... The website is on a shared host [BlueHost] so the settings are out of my reach; I'll try to deal with support again but I want to understand what to ask for before I waste energy on that again.

Any ideas/suggestions?

[*I mean e.g., the word "classic" is wrongly parsed therefore censored as either "cl*ssic" or "clbuttic".]

Hi Marvin

The error throws by the server, this is not related to code, so Yes, you will have to contact your hosting provider and ask them to check it

Regards,

Tuan

Hi Tuan,

OK, thanks for confirming! I was hoping someone had experience with what kind of thing triggers this --- blacklisted IP, HTML in textbox answers, ... .

In my situation, I worked around the Mod_Security block, by making an account for this visitor, and then a backdated (just-expired) subscription; so then they "renewed" and after that I deleted the expired subscription.

OK --- I've found the cause:

If a hyperlink is posted into a textfield, Mod_Security forbids registration. If you cut the protocol (like https://) off, it is allowed. In my case, I have such a text field because I must ask for proof of student status.

Is there an obvious way to validate a specific field, and cut out the "http" before submitting?

Hello Marvin

I don't understand why mod_security blocks it. What if you ask users to provide website URL for example? It's a valid requirement and should not be blocked

If mod_security blocks it, I think it needs to be re-configured to allow entering URL into a text field

Tuan

I also don't understand it, because in another field I ask people if they have a homepage URL they want displayed (optional URL field). A lot of people have filled this in, and it does NOT trigger Mod_Security --- so I think it has something to do with the validation of a textfield?

I don't have experience with Mod_Security , so I am unsure. If you really want to figure out, I think you will need to contact your hosting provider and ask him to check it.

They should be able to check and give you a clear answer

Tuan