"mediadisconnect" wrote:
If you check your webserver logs you will find a bunch of 406 errros.  Web servers expect a useragent and other header info to be passed from the web client when a request is made. The Roku servers use http as a transport but don't pass the all header info so the server becomes suspicious and doesn't send.

Your URL can't be HTTPS either.

You may need to disable ModSecurity in your Apache setup on your WebHost to get past the errors. The following thread discusses all of these issues a little more clearly.

https://forums.roku.com/viewtopic.php?t=99232[/url:3pb9o9zk]

"mediadisconnect" wrote:
If your hosting provider gives you access to cPanel you will find it under Security -> ModSecurity.

If not, just call up your hosting provider and they will do it for you.

---

8:35:24 PM
System
Steven B has joined the chat!
8:35:35 PM
Steven B
Thank you for contacting live support! My name is Steven, How can I help you today?
8:36:28 PM
ME:
Hi, I have a file on my account (your server) which needs to be accessed by Roku in order for my Roku channel to work. I get a certain URL access error on their end, and they told me that the solution is to disable modsecurity.
8:36:56 PM
ME:
I don't see an option in my Cpanel to do this. Can you guys disable modsecurity from your end?
8:37:00 PM
Steven B
what is the domain we are looking at?
8:37:16 PM
ME:
Well, the file resides in my [domain]
8:38:36 PM
Steven B
All of the modsec rules that are applied cannot be removed as they are set by our sysadmin for security purposes unfortunately
8:38:39 PM
ME:
Roku's servers need access to [......../json]
8:38:57 PM
ME:
So, then how are they going to be able to access that file?
8:39:10 PM
ME:
I can't serve it from anywhere else.
8:41:04 PM
ME:
I think they get a 406 error every time they try to access it.
8:42:41 PM
Steven B
one moment
8:42:48 PM
ME:
ok
8:46:25 PM
Steven B
Do you happen to have Roku Ip address, we are trying to determine if we can remove that modsec rule
8:47:26 PM
ME:
I don't. I'm not sure how I could get that since I don't work there. And I don't know if it's an IP that changes or is static.
8:49:02 PM
Steven B
we would need that ip address so we could run a log check and see why that modsec rule was implemented before we remove it
8:49:29 PM
ME:
Ok, so how would I get that?
8:49:52 PM
Steven B
Roku support should be able to provide you with that information
8:49:53 PM
ME:
And what if the IP changes?
8:50:28 PM
Steven B
we cant go off assumptions at this pont but if the ip is dynamic (which it should not) then they should have a reputable IP we can use
8:50:56 PM
ME:
Ok, I will contact Roku. thanks.

"mediadisconnect" wrote:
HostGator is just being difficult.  Have them look at your logs for 406 errors and tell them it needs to be fixed.

You can also try putting the following in your .htaccess file:

<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off
</IfModule>

You MIGHT have better luck with HostGator disabling ModSecurity if you call them.

If neither of these work you might have to go with a service like myjson.com.

Hello,

Apologies, unfortunately the rule your installation is hitting is a rule which we are unable to whitelist within our shared hosting packages. This is because the set of rules which this belongs to are among the highest security risk. As such, if you require this rule whitelisted you will need to move to a VPS or Dedicated solution where you will have greater control over the implemented mod security rules. You may review our offerings for these package types below. Please let us know if you have any further questions or concerns