I’m hoping to find an answer to this problem and was told to send it here. I’m VERY new to modsecurity and our company is faced with this current problem:
From this 1 company only – users are not able to see their payment receipts – they go thru all the options of submitting a payment and yet the PDF receipt goes back to them with a blank page.
What I am told from the dev team is this:
The encryption string get’s so long that modsec thinks it’s a virus or a hack and throws it out.
So they tell me what needs to happen is:
Certain tests need to be ignored – specifically when they have parameters that examine a GET or a POST form fields.
Is there a way to bypass any request to a designated server to let it go past modsec. So in the request – if it is supposed to go to the next server for parsing or whatever – Modsec will just ignore it and let it thru.
Some of this makes sense to me but it seems odd that this is only happening with 1 company out of thousands and thousands of users.
Any help would be appreciated