What is HTTP Error 406 Not Acceptable – How to Fix It?
Regardless of what may be causing them, server errors are without doubt frustrating both for users visiting your website and for you as the website owner. While some HTTP errors are more common than others, it’s always good to be prepared for any error that your web server may throw at you. Luckily, HTTP Error 406 Not Acceptable is not as common as 404, 500 or 301 HTTP codes are, but you may encounter it nonetheless, and when you do, the cause is usually one of the following two: a content type negotiation problem or misunderstanding or a mod_security rule setting problem, the latter being the most common of the two.
This article sheds light on why a server returns a HTTP error 406 Not Acceptable and what can you do to fix the underlying problem.
Stop Getting Errors on Your Website!
InMotion Hosting offers reliable hosting service and top-notch 24/7 online support. Click here to get 47% discount!
HTTP Error 406 Caused by an Accept Header Problem
When a client (web browser) wants to load a webpage, first it needs to obtain the IP address of the server. To this end, it does a DNS lookup, which translates the domain.com to an IP address. The DNS might return multiple IP addresses; in that case, it will pick the first one and establish a TCP Socket connection to port 80 or 443 to that IP address. Upon a successful connection, it will write the HTTP request data (e.g. GET / HTTP/1.1, Host: domain.com, Accept: text/html, User-Agent: Mozilla …).
The server, after it receives a request, depending on the Accept header, it might return a 406 status code indicating that it cannot send the data in any of the formats mentioned in the client’s Accept header. This rarely happens in real life because most web browsers will accept anything signaled by */* in the Accept header of the request. This is a last resort effort, the clients usually signal what content type they want to receive, and they define a priority list, */* us usually with the lowest priority (q=0.5). For example, the client sends the request because there is an img tag in the html, it will signal it to the server that it’s expecting an image in the first place. Accept headers can have various types (accept-encoding, accept-charset, accept-ranges, accept-language, etc.), specifying the characteristics of the data they accept. For example, a web browser may be able to process only HTML or GIF files, so if the web server would not be able to return data in any of these formats “understood” by the client, it will display a 406 Not Acceptable error code.
The reverse can also happen: if a web server doesn’t know the request extension, it may search for another application installed on it to see if that would be able to serve the file. If there isn’t any other application that can serve the file, it will return a 406 Not Acceptable error. The server also will return a 406 when it is not sure about the MIME type of the requested file. This can be quite useful as it might prevent leaking of sensitive information commonly kept in exotic file extensions like .ini, .kdb, .pass, etc.
How to Fix It?
Given that a 406 status code can be a content type negotiation mismatch issue, you need to implement certain changes so that the server has a MIME type associated with the request extension.
If you are running an IIS based web server, you need to make sure that the IIS recognises your extensions. You can add new extension to IIS simply by editing the MIME types. You can add for example *.less and set its MIME type to text/css. This is the most straightforward solution to a 406 Not Acceptable HTTP error returned by the server. If you are running Apache as your webserver, you can add MIME types in the .htaccess file or your VirtualHost configuration. An example for the .less file would be “AddType text/css .less ”.
Alternatively, you can make changes in the Accept header of your browser so it knows the MIME type handled by your server. Making changes to the Accept header can also help, however, it’s a less viable solution than changes made on the server side.
HTTP Error 406 Caused by a mod_security Rule Setting Problem
The other scenario in which you may be met with a 406 status code is when a mod_security rule is enabled on an Apache server. It’s a type of web application firewall (WAF) program enabled by default on the hosting accounts of some web hosting providers. For example, InMotion Hosting has mod_security enabled on all their Apache based hosting accounts to protect web applications from common attacks like XSS or SQL Injections, as these types of security holes can easily creep into web applications. The mod_security continuously scans the server and the incoming request and the outgoing response for violations of rules it has set. If an action that violates the rules set in the mod_security occurs (a violation caused by a site, page or function), the server will send a 406 Not Acceptable error.
How to Fix It?
Disabling mod_security for each of your domains individually or disabling certain rules in Mod_security will help fix the error. If your hosting account comes with cPanel, the easiest way to turn off mod_security is via the modsec Manager plugin. Alternatively, you can use command line in SSH. If you want to disable specific rules or your hosting account does not come with the option to disable/enable mod_security, you need to get in touch with your web hosts’ customer support team to do it for you.
Albeit an infrequent HTTP error, a 406 Not Acceptable error can make an appearance here and there, and when it does happen, it’s most probably caused by a mod_security rule setting problem rather than an Accept header problem. If you’re not comfortable dealing with this issue alone, don’t hesitate to contact the web hosting company your website is hosted at as they can easily get to the root of the problem and fix the error for you.