Dec 07 2009
 

I’ve been implementing more web sites recently; it appears to be one part of the technology market for which there is still demand. One of the things I push when I meet with clients is accessibility, so I figured I should test my own sites and make sure they’re reasonably accessible. Lynx is one tool to use to check accessibility (as well as being a good basic text-based browser). I was a little flummoxed when I got back a 406 HTTP error, which usually means the user agent can’t read the character set, language, or encoding the web site uses. Even the most basic text HTML page was rejected.

It turned out that my ISP had mod_security enabled (good) and configured in such a way that lynx was banned (not so good). Banning lynx seems to be a fallout from a quick way of configuring mod_security by filtering out keywords that might be used in hacking attempts. Personally I can’t see the point as lynx can be told to use a different user agent string if need be, and people who want to hack your site will likely know how to do that, and I can’t understand how people use lynx to hack a site either. Mind you, I don’t hack other people’s web sites, so I don’t know the tools people use who do. Anyway, the ISP cheerfully took out the filter causing the problem, but in the meantime my IP address had been flagged by mod_security for trying to bypass the filter too many times, so I was completely banned from my own site, as well as every other site that happens to be hosted on the same server.

Eventually we cleared up that little problem as well, and I could get back to tweaking my style-sheets and HTML to be more accessible. There’s a bit more to do yet, but I’m getting there. And I’m grateful for an assiduous ISP (Canadian Web Hosting) with a support team that works late on Friday nights.

  2 Responses to “lynx and mod_security”

  1. Because lynx has a command line option to save html, some people use it to script web scraping. I guess in that sense it can help hacking. But there are definitely better tools for automating, for example “curl.” Attempt to ban lynx on security grounds is really misguided. Kudos to you for making your site friendly to text browsers.

  2. […] I wrote my piece about mod_security, the people at Packt Publishing offered me a copy of their book ModSecurity 2.5, with the proviso […]
