Hello,

 

I’m hoping to find an answer to this problem and was told to send it here.  I’m VERY new to modsecurity and our company is faced with this current problem:

 

From this 1 company only – users are not able to see their payment receipts – they go thru all the options of submitting a payment and yet the PDF receipt goes back to them with a blank page.

 

What I am told from the dev team is this:

 

The encryption string get’s so long that modsec thinks it’s a virus or a hack and throws it out.

 

So they tell me what needs to happen is:

 

Certain tests need to be ignored – specifically when they have parameters that examine a GET or a POST  form fields.

 

OR:

 

Is there a way to bypass any request to a designated server to let it go past modsec.  So in the request – if it is supposed to go to the next server for parsing or whatever – Modsec will just ignore it and let it thru.

 

Some of this makes sense to me but it seems odd that this is only happening with 1 company out of thousands and thousands of users.

 

Any help would be appreciated

 

Troy Landry