0

I get this error when I try to debug or make Google Tag Manager public:

Access denied with code 406 (phase 2). Pattern match "\\b(\\d+) ?= ?\\1\\b|[\\'\"](\\w+)[\\'\"] ?= ?[\\'\"]\\2\\b" at REQUEST_HEADERS:Cookie. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "98"] [id "1234123413"] [msg "SQL Injection Attack"] [data "1=1"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"]

Is there any way I can allow specific external domains? Or is there another solution?

1 Answer

2

I did not understand your question about "allow specific external domains." However, the cookie generated by Google Tag Manager could contain the text "1=1", which is matched by mod_security's regexp:

\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b

This happens because "1=1" is a common pattern used in SQL injection attacks, and it is for this reason that mod_security blocks your request with HTTP error 406. The rules that ModSecurity uses can help block potential attacks, but in this case it is blocking a legitimate request and you would prefer to disable this rule.

The link below explains how to disable a rule: https://www.atomicorp.com/wiki/index.php/Mod_security#Disable_Mod_security_rules_globally_for_a_specific_application

This will be useful if you want to try to edit it: http://www.howtoforge.com/remo_modsecurity_apache
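To see which cookie trips the rule before deciding whether to disable or edit it, the pattern from the log can be run over a captured Cookie header. This is an added example, not part of the original answer: the cookie names and header values are constructed, and it assumes Python's `re` behaves like ModSecurity's regex engine for this pattern and that the rule applies no transformations before matching.

```python
import re

# Pattern from the log entry for rule id 1234123413, with the log's
# doubled backslashes reduced to single ones.
RULE_PATTERN = re.compile(r"""\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b""")


def offending_cookies(cookie_header):
    """Return (cookie_name, matched_text) for every rule match in the header.

    The rule inspects REQUEST_HEADERS:Cookie as one string, so the match is
    searched in the whole header and then mapped back to the cookie pair
    that contains it.
    """
    hits = []
    for m in RULE_PATTERN.finditer(cookie_header):
        # Cookie pairs are separated by ';' -- find the pair around the match.
        start = cookie_header.rfind(";", 0, m.start()) + 1
        end = cookie_header.find(";", m.start())
        pair = cookie_header[start:end if end != -1 else None].strip()
        hits.append((pair.partition("=")[0], m.group(0)))
    return hits


# Constructed sample headers (hypothetical cookie names and values).
SAMPLES = [
    "session=abc123; example_gtm_state=debug&1=1; theme=dark",  # blocked
    "session=abc123; theme=dark",                               # passes
    "counter=1=10",                                             # passes: 1 != 10
    "pref='a'='a'",                                             # blocked (quoted form)
]

if __name__ == "__main__":
    for header in SAMPLES:
        hits = offending_cookies(header)
        verdict = "406" if hits else "ok"
        print(f"{verdict:>3}  {header!r}  ->  {hits}")
```

Knowing the cookie name makes it possible to judge whether the match is a false positive from a known application cookie before the rule is disabled for that application.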