I was working on a blog post and had written a part of it and saved it. After some days, I visited the post again to complete it but it would not save, clicking on “Save Draft” button displayed a 404 not found page.
I tried to edit the post with same new content multiple times but same 404 error. Then, since I already had some post content saved, I tried to save it again with no update; it worked. So, I started updating the post content in steps, it was working and content was saving.
Was the error due to POST size?
This question was coming to my mind but I was not convinced as I was adding only text and had entered only a few paragraphs. I kept on adding content section by section, then came a section of content which triggered the same 404 error again. If I removed the section that gave error with any other text, it would save. This allowed me to conclude that it was due to the content but how to fix it was the next question?
I took a back up of code and database from server and then set it up on my machine locally. I tried to update the same post again and it was saved with no issues.
So I was sure that there was no issue with WordPress plugins. I thought that it has something to do with server or CDN.
Now I setup a vanilla WordPress install on a subdomain and tried to add the same content. When I clicked the “Save Draft” button it gave me error:
Not Acceptable An appropriate representation of the requested resource /testwp/wp-admin/post.php could not be found on this server. Additionally, a 406 Not Acceptable error was encountered while trying to use an ErrorDocument to handle the request.
With this error message I was able to identify that the issue was because of “mod_security” Apache module.
This error was displayed here instead of 404 page because the permalink setting on this install was WordPress default.
Mod_Security is a web application firewall and it can help us to secure our sites against RFI, LFI, XSS, SQL Injection etc. You can get more information about mod_security in WIKI.
Disabling it can impose security risks. Check with your hosting provider if “mod_security” plugin has been configured properly.
You may add the below code to your .htaccess file while adding/edited posts to temporarily disable the “mod_security” plugin but this will work only if your hosts allows it.
# BEGIN 406 Not Acceptable error <IfModule mod_env.c> SetEnv MODSEC_ENABLE Off PassEnv MODSEC_ENABLE </IfModule> #END 406 Not Acceptable error
# BEGIN 406 Not Acceptable error <IfModule mod_security.c> SecFilterEngine Off SecFilterPost Off </IfModule> # END 406 Not Acceptable error
If you hosting provides you CPanel access, check the Security section to see if you have the “ModSecurity” configuration access.
In my case I had to contact the hosting provider to get it fixed and thanks they were helpful.
Warning: Make sure to take up a backup of your production site when doing any configuration changes.