Print-Clearly

Browse Site

What is an http 406 Error?

While working on a site for someone who had sorted out their own hosting, with a hosting company I’d not used before, I came across an http 406 error on installing a WordPress site that had worked fine in my development environment. I’d not come across this before on any other projects either.

406 Not Acceptable

The resource identified by the request is only capable of generating response entities which have content characteristics not acceptable according to the accept headers sent in the request.

The error came about in the form of not sourcing the JavaScript files. They existed on the server but the server wasn’t allowing them to be called by the site. When opening the source code in Firefox I could see the following call in my page’s header:

<script type='text/javascript' src='SITE_URL/wp-content/plugins/font-resizer/js/jquery.cookie.js'></script>
<script type='text/javascript' src=
'SITE_URL/wp-content/plugins/font-resizer/js/jquery.fontsize.js'></script>

However, following those links returned the 406 error.

According to the World Wide Web Consortium “HTTP/1.1 servers are allowed to return responses which are not acceptable according to the accept headers sent in the request” (http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.7). Not that this tells you much other than a 406 error is a perfectly acceptable response.

After some time spent on Google I realised that this can be caused by security settings on the server, and in this case the host had installed mod_security, an open-source firewall for Apache servers. Being shared hosting, I realised that this would be a pain to sort out with the hosting company’s support (we’ve all been there!) so looked at the reasons why this error was being thrown. The firewall rules are apparently published here but not having the time or inclination; I took the man’s route and avoided reading the instructions!

The Fix

As I was getting http 406 errors from my JavaScript files the first thing to try was changing the filenames (being in the format “jquery.xxx.js”). So I removed the spare full stop in the file names and this worked (so becoming “xxx.js”) – the security settings on the server obviously saw this as some sort of a threat. Sadly it took a lot longer to find out than it did to write down the solution but that’s always the way!!

See here for how I fixed this in my WordPress plugin.

This entry was posted in php, Web, Websites.

Comments are closed.