I’m hoping to find an answer to this problem and was told to send it here.  I’m VERY new to modsecurity and our company is faced with this current problem:


From this 1 company only – users are not able to see their payment receipts – they go thru all the options of submitting a payment and yet the PDF receipt goes back to them with a blank page.


What I am told from the dev team is this:


The encryption string get’s so long that modsec thinks it’s a virus or a hack and throws it out.


So they tell me what needs to happen is:


Certain tests need to be ignored – specifically when they have parameters that examine a GET or a POST  form fields.




Is there a way to bypass any request to a designated server to let it go past modsec.  So in the request – if it is supposed to go to the next server for parsing or whatever – Modsec will just ignore it and let it thru.


Some of this makes sense to me but it seems odd that this is only happening with 1 company out of thousands and thousands of users.


Any help would be appreciated


Troy Landry