Skip to main content

"Not acceptable" error when connecting a cloud account

Problem:
When trying to connect your cloud account, the connection fails and you see an error like:

“Not Acceptable! An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.”
 

Cause:

This error is not generated by the plugin itself, but by ModSecurity, a server-level firewall used by many hosting providers. During the authentication flow, the cloud provider (such as Google, Microsoft, Dropbox, or Box) redirects back to your website with URL parameters like code and state. These values are often long, encoded, and contain special characters, which can match patterns that ModSecurity is designed to block (such as injection or obfuscated input).

Because this redirect appears as an incoming request with sensitive query parameters, ModSecurity may incorrectly treat it as a potential threat and block it, even though it is a valid and secure part of the OAuth process. When that happens, the connection is interrupted and the “Not Acceptable” message is shown.

Solution:

Since ModSecurity operates at the server level, it cannot be controlled from within WordPress or the plugin itself. The fix always involves adjusting your server or hosting configuration.

 

If you are using managed hosting:

  1. Check the ModSecurity logs
    • Look in your hosting control panel for logs such as “ModSecurity Logs”, “Security Logs”, or “Error Logs”.
    • Find the entry related to the blocked request. It usually includes a rule ID.
       
  2. Whitelist the rule
    • Contact your hosting provider and provide them with:
      • The exact error message
      • The URL shown in your browser during the error
    • Ask them to whitelist the triggered ModSecurity rule for your domain.
       
  3. Optional: Temporarily disable ModSecurity
    • If your hosting panel allows it, you can temporarily disable ModSecurity and try connecting the account again.
    • If the connection succeeds, this confirms that ModSecurity is the cause.
    • After testing, always re-enable ModSecurity. You can leave it that way as this authorization is only needed once, generally speaking. OR request a proper whitelist instead of leaving it disabled. 
       
  4. Retry the connection After adjusting the rule, reconnect your cloud account in the plugin.

Example message to your hosting provider

If you are unable to resolve this yourself, you can contact your hosting provider for assistance. You can use the template below and include the requested information:

Subject: ModSecurity blocking OAuth redirect (Not Acceptable error)

Hello,

I am experiencing an issue when trying to connect a [Google|Microsoft|Dropbox|Box] account to a plugin in my WordPress website. During the oAuth 2.0 authentication process, when redirected to my site, I receive the following error:

"Not Acceptable! An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security."

This issue appears to be caused by ModSecurity blocking the OAuth redirect request. Probably because URL parameters like code and state which contain long, encoded, and contain special characters.

Could you please investigate the ModSecurity logs for the following event:
* The exact time the error occurred: [insert date and time]
* The full URL shown in the browser when the error happened: [insert full URL]
* Screenshot of the error message (attached)

If possible, please identify the triggered ModSecurity rule ID and whitelist it for this domain or endpoint so that the OAuth connection flow is not blocked.

Kind regards,
[Your name]

 

What to include when contacting your host

For faster support, always include:

  • A screenshot of the error message
  • The full URL from the browser address bar during the error
  • The exact date and time the issue occurred
  • Your domain name

If you manage your own server:

  1. Check ModSecurity logs
    • Common locations include:
      • /var/log/apache2/modsec_audit.log
      • /var/log/httpd/modsec_audit.log
      • or your web server’s error log
    • Identify the blocked request and note the rule ID.

  2. Disable or adjust the specific rule

    • You can whitelist the rule in your server configuration, for example in .htaccess, httpd.conf, or a ModSecurity config file:
    <IfModule mod_security.c>
        SecRuleRemoveById 123456
    </IfModule>

    Replace 123456 with the actual rule ID from your logs.

  3. Alternative: Disable ModSecurity temporarily during authorization.
    You can temporarily disable the ModSecurity while doing the authorization. The authorization is only needed once, generally speaking. Avoid disabling ModSecurity entirely unless absolutely necessary.
     

  4. Retry the connection
    After adjusting the rule, reconnect your cloud account in the plugin.