{"id":227,"date":"2025-11-10T15:45:21","date_gmt":"2025-11-10T15:45:21","guid":{"rendered":"https:\/\/adveyer.com\/blog\/?p=227"},"modified":"2025-11-10T15:47:24","modified_gmt":"2025-11-10T15:47:24","slug":"406-access-denied-hatasi","status":"publish","type":"post","link":"https:\/\/adveyer.com\/blog\/406-access-denied-hatasi\/","title":{"rendered":"406 Access Denied (Not Acceptable) Error"},"content":{"rendered":"<p><strong>HTTP 406 Not Acceptable<\/strong> is returned when no content matches the <em>Accept<\/em>\/<em>Accept-Language<\/em>\/<em>Accept-Charset<\/em> headers sent by the client (browser\/API client), <strong>or<\/strong> when a security layer (WAF\/<a href=\"https:\/\/modsecurity.org\/\" target=\"_blank\" rel=\"noopener\">ModSecurity<\/a>\/CDN) treats the request as suspicious and blocks it. In practice, 406 is most often triggered by:<\/p>\n<ul>\n<li><strong>A ModSecurity\/WAF rule<\/strong> (a URL, query string or header mistaken for an SQLi\/XSS pattern)<\/li>\n<li><strong>Apache MultiViews \/ content negotiation<\/strong> conflicts<\/li>\n<li><strong>Wrong\/missing Content-Type<\/strong>, or a content negotiation error in the framework (e.g. sending HTML when JSON is expected)<\/li>\n<li><strong>CDN\/reverse proxy<\/strong> security filters (Cloudflare, Sucuri, etc.)<\/li>\n<li><strong>Plugin\/theme security filter<\/strong> (WordPress security plugins)<\/li>\n<\/ul>\n<p>With the steps below you can quickly pinpoint the cause and move on to a permanent fix.<\/p>\n<h2>1) Quick Diagnosis (Server Logs &amp; Commands)<\/h2>\n<h3>a) Reproduce the request<\/h3>\n<p>Try it in a private browser window. 
Then send a minimal request with curl:<\/p>\n<pre><code class=\"language-bash\">curl -I https:\/\/alanadiniz.com\/istenen\/yol\n<\/code><\/pre>\n<p>For an endpoint that expects JSON:<\/p>\n<pre><code class=\"language-bash\">curl -i -H \"Accept: application\/json\" https:\/\/alanadiniz.com\/api\/endpoint\n<\/code><\/pre>\n<p>If adding the Accept header fixes it, the problem is on the <strong>content negotiation<\/strong> side.<\/p>\n<h3>b) Web server logs<\/h3>\n<ul>\n<li><strong>Apache error log:<\/strong>\n<ul>\n<li>CentOS\/Alma\/Rocky: <code>\/var\/log\/httpd\/error_log<\/code><\/li>\n<li>Debian\/Ubuntu: <code>\/var\/log\/apache2\/error.log<\/code><\/li>\n<\/ul>\n<\/li>\n<li><strong>Nginx error log:<\/strong> <code>\/var\/log\/nginx\/error.log<\/code><\/li>\n<li><strong>ModSecurity audit log:<\/strong>\n<ul>\n<li><code>\/var\/log\/httpd\/modsec_audit.log<\/code> or <code>\/var\/log\/modsec_audit.log<\/code><br \/>\nIf you see a rule ID such as <strong>id: 9xxxxxx<\/strong> in the log line, the 406 was triggered by a ModSecurity rule.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>c) Shortcuts by control panel<\/h3>\n<ul>\n<li><strong><a href=\"https:\/\/adveyer.com\/blog\/cpanel-nedir-ne-ise-yarar\/\">cPanel\/WHM<\/a>:<\/strong> <em>WHM \u2192 Security Center \u2192 ModSecurity Tools \u2192 Hits<\/em> (shows the blocked request and the <strong>Rule ID<\/strong>)<\/li>\n<li><a href=\"https:\/\/adveyer.com\/blog\/plesk-nedir-plesk-panel-kullanimi-ve-ozellikleri\/\"><strong>Plesk:<\/strong><\/a> <em>Audit Log<\/em> in the <em>Web Application Firewall (ModSecurity)<\/em> section<\/li>\n<li><strong><a href=\"https:\/\/adveyer.com\/blog\/directadmin-nedir-ve-neden-tercih-edilmeli\/\">DirectAdmin<\/a>:<\/strong> <em>Admin Level \u2192 ModSecurity<\/em> \/ log viewer plugins<\/li>\n<\/ul>\n<h2>2) Most Common Causes and Fixes<\/h2>\n<h3>A) 406 caused by ModSecurity\/WAF<\/h3>\n<p><strong>Symptom:<\/strong> A ModSecurity rule ID in the log; \u201cBlocked\u201d in Cloudflare WAF Events.<br \/>\n<strong>Fix:<\/strong><\/p>\n<ol>\n<li><strong>Temporary test:<\/strong> Switch the WAF to <em>Detection Only<\/em> (log only) mode for the affected domain only.\n<ul>\n<li>cPanel\/WHM: <em>ModSecurity Configuration \u2192 Ruleset: On, Audit: On, Blocking: Off<\/em> (temporary)<\/li>\n<li>Plesk: <em>Web Application Firewall \u2192 Mode: Detection only<\/em><\/li>\n<\/ul>\n<\/li>\n<li><strong>Bypass the rule (targeted):<\/strong><br \/>\nDisable the problematic Rule ID for a specific URI:\n<pre><code class=\"language-apache\">&lt;LocationMatch \"^\/api\/endpoint\"&gt;\n  SecRuleRemoveById 949110 942100\n&lt;\/LocationMatch&gt;\n<\/code><\/pre>\n<p>(Take the actual <strong>Rule ID<\/strong>s from the audit log. In OWASP CRS, 949110 is the rule that blocks on the inbound anomaly score, so removing it turns off CRS blocking for that location; where possible, remove only the detection rule that fired.)<\/p><\/li>\n<li><strong>Update CRS:<\/strong> Updating OWASP CRS reduces false positives.<\/li>\n<li><strong>Cloudflare\/Sucuri:<\/strong> Add an \u201cAllow\u201d rule from the <em>Security Events<\/em> screen (by URI, parameter or IP).<\/li>\n<\/ol>\n<blockquote><p>Note: Rather than turning the WAF off entirely, a <strong>rule-based<\/strong> whitelist is best practice.<\/p><\/blockquote>\n<h3>B) Apache MultiViews \/ Content Negotiation<\/h3>\n<p><strong>Symptom:<\/strong> 406 instead of 404, especially on multilingual URLs or extensionless files.<br \/>\n<strong>Fix:<\/strong> Disable MultiViews in <code>.htaccess<\/code>:<\/p>\n<pre><code class=\"language-apache\">Options -MultiViews\n<\/code><\/pre>\n<p>Also make sure you send the correct <strong>Content-Type<\/strong> and <strong>charset<\/strong> headers.<\/p>\n<h3>C) Framework\/Backend (Content Negotiation) Error<\/h3>\n<p><strong>Symptom:<\/strong> 406 on API endpoints; it goes away with Accept: <code>application\/json<\/code>.<br \/>\n<strong>Fix:<\/strong><\/p>\n<ul>\n<li>Set the endpoint\u2019s <strong>Response Content-Type<\/strong> header correctly (e.g. <code>application\/json; charset=utf-8<\/code>).<\/li>\n<li>Check the <strong>content negotiation<\/strong> configuration for Spring\/Laravel\/Django.<\/li>\n<li>Inspect what the route actually returns with cURL (use <code>-i<\/code>).<\/li>\n<\/ul>\n<h3>D) WordPress\/Security Plugins<\/h3>\n<p><strong>Symptom:<\/strong> 406 on certain admin actions, on forms, or when the query string is long.<br \/>\n<strong>Fix:<\/strong><\/p>\n<ul>\n<li>In Wordfence \/ iThemes \/ All-In-One Security, relax the relevant firewall rule or add it to the whitelist.<\/li>\n<li>Temporarily disable the problematic plugin; update the theme\/plugins.<\/li>\n<li>Clean up <code>.htaccess<\/code> (remove suspicious rewrite lines), then write the permanent configuration back.<\/li>\n<\/ul>\n<h3>E) CDN \/ Reverse Proxy Layer<\/h3>\n<p><strong>Symptom:<\/strong> The origin server returns 200 while the edge returns 406.<br \/>\n<strong>Fix:<\/strong><\/p>\n<ul>\n<li>Review the \u201cWAF\/Firewall\u201d rule log at the CDN; add an allow rule based on <em>URI\/Query\/UA<\/em>.<\/li>\n<li>Header normalization: make sure <strong>Accept<\/strong>, <strong>Accept-Language<\/strong> and <strong>User-Agent<\/strong> are not stripped or mangled (CDN Transformations).<\/li>\n<\/ul>\n<h2>3) Permanent Hardening (Best 
Practices)<\/h2>\n<ul>\n<li><strong>Centralize logs:<\/strong> Set up a pipeline for modsec_audit plus the access\/error logs (e.g. Loki, ELK).<\/li>\n<li><strong>Rate limiting and bot protection:<\/strong> Applying an explicit policy with 403\/429 instead of 406 is easier to read.<\/li>\n<li><strong>Updates:<\/strong> Keep OWASP CRS, ModSecurity, security plugins and core packages up to date.<\/li>\n<li><strong>Fine-tuning:<\/strong> Remove frequently triggered Rule IDs on a per-URI basis; do not whitelist globally.<\/li>\n<li><strong>Testing:<\/strong> Use <code>Detection Only<\/code> while trying out new rules in staging before production.<\/li>\n<\/ul>\n<h2>Frequently Used Commands and Snippets<\/h2>\n<p><strong>Viewing the requests that returned 406 (Apache):<\/strong><\/p>\n<pre><code class=\"language-bash\">grep '\" 406 ' \/var\/log\/httpd\/access_log*\n<\/code><\/pre>\n<p><strong>Finding the Rule ID in the ModSecurity audit log:<\/strong><\/p>\n<pre><code class=\"language-bash\">grep -R 'id \"9' \/var\/log\/* | grep -i modsec\n<\/code><\/pre>\n<p><strong>Turning off specific ModSecurity rules for one path only in Nginx (if the ModSecurity dynamic module is installed):<\/strong><\/p>\n<pre><code class=\"language-nginx\">location \/api\/endpoint {\n    modsecurity_rules 'SecRuleRemoveById 949110 942100';\n    proxy_pass http:\/\/app;\n}\n<\/code><\/pre>\n<p><strong>Disabling MultiViews with .htaccess:<\/strong><\/p>\n<pre><code class=\"language-apache\">Options -MultiViews\n<\/code><\/pre>\n<h2>406 Access Denied (Not Acceptable) Error &#8211; Conclusion<\/h2>\n<p><strong>406 Access Denied\/Not Acceptable<\/strong> is mostly caused by <strong>WAF\/ModSecurity false positives<\/strong> or <strong>content negotiation mismatches<\/strong>. 
Capturing the <strong>Rule ID<\/strong> from the log and applying a <em>URI-specific whitelist<\/em>, together with disabling MultiViews, usually resolves the problem permanently. For APIs, making the <strong>Accept\/Content-Type<\/strong> match explicit is key.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>HTTP 406 Not Acceptable is returned when no content matches the Accept\/Accept-Language\/Accept-Charset headers sent by the client (browser\/API client), or when a security layer (WAF\/ModSecurity\/CDN) treats the request as suspicious and blocks it. In practice, 406 is most often triggered by: A ModSecurity\/WAF rule (a URL, query string or header mistaken for an SQLi\/XSS pattern) Apache MultiViews \/ content negotiation conflicts Wrong\/missing Content-Type or framework content negotiation 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[43],"tags":[],"class_list":["post-227","post","type-post","status-publish","format-standard","hentry","category-linux-genel"],"_links":{"self":[{"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/posts\/227","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/comments?post=227"}],"version-history":[{"count":3,"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/posts\/227\/revisions"}],"predecessor-version":[{"id":230,"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/posts\/227\/revisions\/230"}],"wp:attachment":[{"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/media?parent=227"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/categories?post=227"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/tags?post=227"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}