Recently my webhost installed mod_security on my webserver. It seemed like a non-event until I started getting calls from a few clients who had been merrily working for a long time. When they tried to update content in either Open-cart or WordPress, they were getting strange errors such as “501 Not Implemented” or “406 Not acceptable”.
The fix is to sidestep mod_security for those requests. Ideally it should be limited to the offending request, but in the interest of getting people running, I simply added a .htaccess file in the /admin folder of the broken sites with the following contents.