Hi, has anybody got experience with the following:
I have a membership site with three different plans, and all is going well --- except for one visitor. Whenever they have filled in all the details and click submit, the server interrupts all with the message "Not Acceptable! An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security." Screenshot:
I've got the visitor's IP so in the serverlog I just see a normal (status: 200) visit. I have other visitors registering and paying on all three plans, no problem (and no complaints). I took that visitor's data and tried to register in their name and I got the same response. They were visiting from a trusted network (University of Cambridge, actually) and I'm visiting from home. I don't think a language blacklist was triggered as I don't see accidentally tripping that*.
I'm not that clear on what Mod_Security looks out for... The website is on a shared host [BlueHost] so the settings are out of my reach; I'll try to deal with support again but I want to understand what to ask for before I waste energy on that again.
[*I mean e.g., the word "classic" is wrongly parsed therefore censored as either "cl*ssic" or "clbuttic".]
OK, thanks for confirming! I was hoping someone had experience with what kind of thing triggers this --- blacklisted IP, HTML in textbox answers, ... .
In my situation, I worked around the Mod_Security block, by making an account for this visitor, and then a backdated (just-expired) subscription; so then they "renewed" and after that I deleted the expired subscription.
If a hyperlink is posted into a textfield, Mod_Security forbids registration. If you cut the protocol (like https://) off, it is allowed. In my case, I have such a text field because I must ask for proof of student status.
Is there an obvious way to validate a specific field, and cut out the "http" before submitting?
I also don't understand it, because in another field I ask people if they have a homepage URL they want displayed (optional URL field). A lot of people have filled this in, and it does NOT trigger Mod_Security --- so I think it has something to do with the validation of a textfield?