Upfront & Parrot Not Saving // Mod_Sec Error 406 (Not Acceptable)


We have recently installed Parrot with Upfront on our system running CentOS 6.7, PHP 5.4.45, and Apache v3.28.3. I have been reading all I can about fixing this Mod Sec 406 Ajax error and I cannot for the life of me figure out how to make this work.

I have tried multiple fixes based on the forums. I have modified my .htaccess record to include:

<IfModule mod_security.c>
SecRuleEngine Off
SecFilterInheritance Off
SecFilterEngine Off
SecFilterScanPOST Off
SecRuleRemoveById 300015 3000016 3000017
</IfModule>

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

As well as the rules most often recommended by your team:

<IfModule mod_security.c>
SecFilterRemove 00318
</IfModule>

And my wp-config.php file to include:

define( 'WP_MEMORY_LIMIT', '256M' );
define('UPFRONT_DEBUG_LEVELS', 'dependencies');

And I have toggled developer mode to no avail.

I have disabled all plugins, including WPMU Defender, as I thought that might have been throwing the BLIND SQL Injection Error and halting the process.

I have also written a custom Mod_Sec Tool Rule to prevent the 406 Error from being caught and it even stopped showing up in the Developer Tools Console, but was still unable to save changes made in Upfront.

I have given access in the dashboard so you can poke around. I can provide ssh/ftp login upon request.

Looking for a quick fix here guys. I love what you are doing and want to work with you to make this happen quickly.

  • Adam Czajczyk

    Hello Brandless,

    I hope you're having a fantastic day!

    The "406 not acceptable" error usually does indeed come from the mod_security module. I see that you tried many fixes already and they didn't work. That's unfortunately possible: if you don't have direct access to the Apache config, there's no way of knowing how it was set up - it's often a bit of "blind guessing".

    Yet, I'd like you to try one of the fixes you already tried again, but in a slightly different way. Please create an empty ".htaccess" file and put this code inside:

    <IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </IfModule>

    then upload it to the "/wp-admin" folder of your WordPress.

    If this doesn't help, it may be a good idea to get in touch with your host and ask them if they could either adjust "mod_security" security rules for you or simply white-list your domain (or at least the /wp-admin path).

    Keep me updated please!
    Best regards,
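
Before turning the engine off or asking the host to whitelist /wp-admin, it helps to know which rule is actually returning the 406. The following is an added example, not code from this thread or from WPMU DEV: it tallies denied requests by rule id and URI from ModSecurity 2.x lines in the Apache error log. The sample log is constructed (only rule id 300015 comes from the thread), and read access to the error log is assumed.

```python
import re
from collections import Counter

# Constructed sample in the Apache 2.2 error-log layout that ModSecurity 2.x writes.
# Rule id 300015 is one of the ids named in the thread; messages, hosts,
# timestamps and the other ids are made up for this example.
SAMPLE_LOG = '''\
[Mon Jan 04 10:15:02 2016] [error] [client 203.0.113.7] ModSecurity: Access denied with code 406 (phase 2). Pattern match "constructed" at ARGS:data. [file "/etc/httpd/modsec/rules.conf"] [line "41"] [id "300015"] [msg "Constructed: SQL injection pattern"] [hostname "example.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "AAAA0001"]
[Mon Jan 04 10:15:09 2016] [error] [client 203.0.113.7] ModSecurity: Access denied with code 406 (phase 2). Pattern match "constructed" at ARGS:data. [file "/etc/httpd/modsec/rules.conf"] [line "41"] [id "300015"] [msg "Constructed: SQL injection pattern"] [hostname "example.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "AAAA0002"]
[Mon Jan 04 10:16:30 2016] [error] [client 203.0.113.7] ModSecurity: Access denied with code 406 (phase 2). Pattern match "constructed" at REQUEST_BODY. [file "/etc/httpd/modsec/rules.conf"] [line "77"] [id "999001"] [msg "Constructed: generic body rule"] [hostname "example.com"] [uri "/wp-admin/post.php"] [unique_id "AAAA0003"]
[Mon Jan 04 10:17:44 2016] [error] [client 198.51.100.9] ModSecurity: Access denied with code 403 (phase 1). Match of "constructed" against "REQUEST_HEADERS" required. [file "/etc/httpd/modsec/rules.conf"] [line "12"] [id "999002"] [msg "Constructed: header rule"] [hostname "example.com"] [uri "/xmlrpc.php"] [unique_id "AAAA0004"]
[Mon Jan 04 10:18:00 2016] [error] [client 198.51.100.9] File does not exist: /var/www/html/favicon.ico
'''

# ModSecurity appends metadata as [name "value"] pairs; values may hold escaped quotes.
TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
DENIED = re.compile(r"ModSecurity: Access denied with code (\d+)")


def blocked_requests(log_text, status="406"):
    """Yield the tag dict of every request ModSecurity denied with `status`."""
    for line in log_text.splitlines():
        match = DENIED.search(line)
        if match and match.group(1) == status:
            yield dict(TAG.findall(line))


def rules_by_uri(log_text, status="406"):
    """Count denials per (rule id, request URI) so the noisy rule stands out."""
    counts = Counter()
    for tags in blocked_requests(log_text, status):
        counts[(tags.get("id", "?"), tags.get("uri", "?"))] += 1
    return counts


if __name__ == "__main__":
    for (rule_id, uri), hits in rules_by_uri(SAMPLE_LOG).most_common():
        print(f"rule {rule_id:>7}  {hits:>3} x 406  {uri}")
```

A rule id that fires only on the editor's own admin requests is what to hand to the host for a scoped exclusion, instead of disabling the engine for the whole site.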

  • Milan

    Hello @support575,

    Hope you are well today, and thanks for sharing the solution which worked for you with us. :)

    As this thread has now reached its destination and your problem has been solved, I am marking this one as resolved. You do not need to ping us back here now. But if you face any problem in future regarding this, please feel free to reopen this or open a new thread.

    Thanks for being with us.

    Enjoy WPMU DEV.

