406 error installing JetPack

Knowing that 406 errors are usually caused by ModSecurity, proving to hosting companies that they are in fact blocking JetPack can sometimes be very tiresome, here is a little trick my Friend Rodrigo taught me using cURL and the User-Agent for JetPack

$ curl -H "Host: domain.com" -A "User-Agent: Jetpack by WordPress.com" -0 -v "http://192.168.0.2/xmlrpc.php?for=jetpack"
 * About to connect() to 192.168.0.2 port 80 (#0)
 * Trying 192.168.0.2... connected
 * Connected to 192.168.0.2 (192.168.0.2) port 80 (#0)
 > GET /xmlrpc.php?for=jetpack HTTP/1.0
 > Accept: */*
 > Host: domain.com
 > User-Agent: Jetpack by WordPress.com
 >
 < HTTP/1.1 406 Not Acceptable
 < Date: Wed, 01 Oct 2014 00:39:46 GMT
 < Server: Apache
 < Content-Length: 300
 < Connection: close
 < Content-Type: text/html; charset=iso-8859-1
 <
 * Closing connection #

If you only try xmlrpc without any parameter it works

curl -H "Host: domain.com" -A "User-Agent: Jetpack by WordPress.com" -0 -v "http://192.168.0.2/xmlrpc.php"
 * About to connect() to 192.168.0.2 port 80 (#0)
 * Trying 192.168.0.2... connected
 * Connected to 192.168.0.2 (192.168.0.2) port 80 (#0)
 > GET /xmlrpc.php HTTP/1.0
 > Accept: */*
 > Host: domain.com
 > User-Agent: Jetpack by WordPress.com
 >
 < HTTP/1.1 200 OK
 < Date: Wed, 01 Oct 2014 00:41:44 GMT
 < Server: Apache
 < X-Powered-By: PHP/5.4.33
 < Connection: close
 < Content-Type: text/plain;charset=utf-8
 <
 * Closing connection #0

Maybe if they white list xmlrpc.php with variables it would work, we asked them ?

curl -H "Host: domain.com" -A "User-Agent: Jetpack by WordPress.com" -0 -v "http://192.168.0.2/xmlrpc.php?for=jetpack"
 * About to connect() to 192.168.0.2 port 80 (#0)
 * Trying 192.168.0.2... connected
 * Connected to 192.168.0.2 (192.168.0.2) port 80 (#0)
 > GET /xmlrpc.php?for=jetpack HTTP/1.0
 > Accept: */*
 > Host: domain.com
 > User-Agent: Jetpack by WordPress.com
 >
 < HTTP/1.1 200 OK
 < Date: Wed, 01 Oct 2014 02:17:42 GMT
 < Server: Apache
 < X-Powered-By: PHP/5.4.33
 < Connection: close
 < Content-Type: text/plain;charset=utf-8
 <
 * Closing connection #0
 XML-RPC server accepts POST requests only.

Yippee, it works, and the client was able to get his JetPack back

Leave a Reply

Your email address will not be published. Required fields are marked *

CISSP PMP