Error 406

I am moving some sites to a new host and noticed I was seeing cPanel errors for 406.shtml not found.

Looking at the visitor log I see:

139.99.9.74
/wp-cron.php?doing_wp_cron=1592207082.0703480243682861328125
https://mysite.com/wp-cron.php?doing_wp_cron=1592207082.0703480243682861328125
WordPress/4.9.14; https://www.classicpress.net/?wp_compatible=true&ver=1.1.3

It appears ClassicPress is causing the error when calling a cron job.

Is this a problem? If so, what could be causing it? I’ve never seen an error 406 before.

Not a problem I’ve seen on any of my sites. I doubt that it’s ClassicPress that’s causing the error.

I’d check your .htaccess (if using Apache) first of all and make sure it’s not using any weird character encoding or MIME types.

It may also be caused by a MODSEC rule which, if you don’t have access to the backend, you’d need to ask your hosting company about.

Yes, I’d say it’s most likely MODSEC that’s being triggered, but I don’t want to turn it off just for that.

It is only the cron job that is triggering it and there are no on-screen errors. 139.99.9.74 is actually the server IP. I have created a blank 406.shtml file, which has stopped the cPanel error, but it’s still showing in the visitor log.

This server seems to be locked down a lot tighter than any I’ve used before.

I would disable MODSEC rules one at a time to try and find out which one is causing the problem.

The only other thing I can think of is to open up .htaccess in the root folder and double-check it has these exact lines:

# BEGIN ClassicPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END ClassicPress

Yes, those lines are there. I will ask the hosting company and see what they say.

The host has MODSEC rules to prevent cron.php from firing

I don’t have access to those rules, so it’s either MODSEC on or off.

Bizarre. I can’t see why they should want to stop cron.php from firing. That is, after all, a core part of WordPress / ClassicPress. Did they give any reason for blocking cron?

No, but there are lots of hits on Google about disabling it, because it runs on every page load? Then creating a manual cron job instead.

I duplicated the file as my-cron.php and ran it. That seemed to work. Setup a manual cron job to call that every hour.

Will see what they say in reply to that. I did ask them how sites are supposed to do housekeeping if cron is disabled, but no reply as yet.

Well that didn’t work. While I can manually call /my-cron.php and it works, the cron job fails with an error 406 again.

How are you calling the cron manually and inside crontab?

By manually, I simply went to /my-cron.php but that only appeared to work on one site. On others it did nothing.

I tried two cron job commands:

wget -q -O - https://mysite.com/my-cron.php?doing_wp_cron >/dev/null 2>&1

curl https://mysite.com/my-cron.php?doing_wp_cron >/dev/null 2>&1

They both caused a 406 error.

I have found other requests that have been killed by 406 as well, which is a pain. The only option is to turn modsecurity off or maybe look for a plugin that can do most of what modsecurity does.

This is annoying because it was looking like a good, fast host. I need a Singapore based one because Australian reseller hosting is too expensive. US and UK servers are too slow for me.

Maybe modsecurity setup wants a real browser…
Try
curl https://mysite.com/my-cron.php?doing_wp_cron -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.89 Safari/537.36"
from command line to see if you get a 406…

Have you tried italian ones?

@Simone
You’re a genius! That worked and the cron job did everything it was supposed to do.

You may just have saved my websites. Will let you know how it goes.

Everything is working perfectly. The other calls that were also generating 406 errors no longer do so either.

My idea to clone the wp-cron.php file as my-cron.php got around the modsec rule, but I couldn’t get the cron job working. Simone’s modified command solved that issue.

The hosting company was of no help whatsoever, which is par for the course. Their fix was to turn off modesec, which is what most hosts tell people to do. It’s an easy fix for them, but they don’t tell customers the ramifications of doing that.

Members here have a wealth of experience and offer their help freely. That is something sadly lacking in the industry and is what makes ClassicPress such a breath of fresh air.

In a world that has gone mad, the calm and generosity of people here is something worth treasuring.

I had spent days searching for an affordable and quality host in Singapore and they are few and far between. To have it then throw this at me, really hurt. But now the work has been worth it.

Good catch @Simone!

My daily database backup for classicpress.club came through bang on the hour, when the cron is set to run

I’m not sure what the forum policy is about promoting a particular host, but I’d like to say that UpCloud (a Finnish VPS company) has a Singapore data center. I’ve used 4 UpCloud servers (mine are in Frankfurt) with the RunCloud control panel for a few months now and am pretty impressed.

But it depends whether VPS is what you need.

Thanks. No I don’t need a VPS, just a reseller account. None of my sites use a lot of resources.

With this host I get 25GB and 25 cPanel accounts for US$140.00 per year. That is spot on for me and sites are loading very fast for me here.

No problem. I don’t think I have any names to recommend at that price point - SiteGround are certainly way more (and I don’t recommend them anyway these days).

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.