Hi,
I face a big problem using Mod Security 1.9.2.
My web server architecture uses Siteminder and I use this kind of URL to change or modify a password:
https://www.myserver.com/siteminderagent/pwcgi/smpwservicescgi.exe?SMENC=UTF-8&SMTOKEN={RC2}GuFcF7I/F5Sl03RqtNrPsMPlYiQZg/B1e2KFVDxfbVrnyC2MPyEDnDn1fDzHRadtrowaa0dtXRcvNGiN+cwPaCYlGkzRryxlqAMQ33n/JFc//j8GS51FTS31e00c0C0x4dszYnBMJfwIFO/TQ0vyWFW1RyszdoiTDAp8ZSwqgO0=&USERNAME=test_Users&SMAUTHREASON=20&SMAGENTNAME=-SM-fshUMrkQm%2fB7%2bk8CAU%2fak459pCXPADL1l0bEfFr6ZGrq3HJ%2fv720ACDphqn4Rhzb&TARGET=-SM-https%3a%2f%2fwww%2emyserver%2ecom%2fURI%2fhome%2ehtml%3fSMLOCALE=FR-FR
ModSecurity logs as following:
[06/Apr/2006:17:45:06 +0200] [www.myserver.com/sid#115800][rid#32ef88][/siteminderagent/pwcgi/smpwservicescgi.exe][1] Access denied with code 403. Error normalising REQUEST_URI: Invalid URL encoding detected: not enough characters
When I replace the %3f by the "?", then my change password service runs well.
My ModSec configuration, which is quite simple, is as follows:
# Turn ModSecurity On
SecFilterEngine On
# Reject requests with status 403
SecFilterDefaultAction "deny,log,status:403"
# Some sane defaults
SecFilterScanPOST Off
SecFilterCheckURLEncoding On
# for UTF8 encoding
SecFilterCheckUnicodeEncoding Off
# Accept almost all byte values
SecFilterForceByteRange 1 255
# Server masking is optional
SecServerSignature " "
# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_log
# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log
# Deny all unwanted characters by default
SecFilter "'" id:1000
SecFilterSelective REQUEST_URI "!\?" "chain,id:1001,msg:'1001 matched'"
SecFilter "/\."
SecFilterSelective REQUEST_URI "\?" "chain,id:2001,msg:'2001 matched'"
SecFilterSelective REQUEST_URI ".*/\..*\?"
I tried to activate or deactivate "SecFilterCheckURLEncoding" and "SecFilterCheckUnicodeEncoding", but the result was unsuccessful.
Could you help me to resolve this problem?
Regards,
Christophe
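An added example, not from the post or from ModSecurity's sources: a Python approximation of the check behind SecFilterCheckURLEncoding, run over the request URI quoted above and over two constructed malformed variants of its TARGET parameter, so you can see which parameter and which byte a "not enough characters" verdict points at. The URI constants, helper names and the second error string are my own; the first error string mirrors the log message in the post.

```python
from urllib.parse import unquote

HEX_DIGITS = set("0123456789abcdefABCDEF")

# Request URI quoted in the post (SMTOKEN shortened: it carries no '%'), plus two
# constructed variants of its TARGET parameter that the encoding check must reject.
URI_FROM_POST = (
    "/siteminderagent/pwcgi/smpwservicescgi.exe?SMENC=UTF-8"
    "&SMTOKEN={RC2}GuFcF7I/F5Sl03RqtNrPsMPlYiQZg/B1e2KFVDxfbVrnyC2MPyEDnDn1fDzHRadt"
    "&USERNAME=test_Users&SMAUTHREASON=20"
    "&SMAGENTNAME=-SM-fshUMrkQm%2fB7%2bk8CAU%2fak459pCXPADL1l0bEfFr6ZGrq3HJ%2fv720ACDphqn4Rhzb"
    "&TARGET=-SM-https%3a%2f%2fwww%2emyserver%2ecom%2fURI%2fhome%2ehtml%3fSMLOCALE=FR-FR"
)
URI_TRUNCATED = URI_FROM_POST.rsplit("%3f", 1)[0] + "%3"            # escape cut short at the end
URI_NON_HEX = URI_FROM_POST.replace("%3fSMLOCALE", "%3gSMLOCALE")   # 'g' is not a hex digit

def check_url_encoding(s):
    """Return None when every '%' starts a well-formed %XX escape, else (reason, offset).
    Approximates SecFilterCheckURLEncoding (assumed from the log message, not ModSecurity code)."""
    i = 0
    while i < len(s):
        if s[i] == "%":
            if len(s) - i < 3:                      # fewer than two bytes follow the '%'
                return ("not enough characters", i)
            if s[i + 1] not in HEX_DIGITS or s[i + 2] not in HEX_DIGITS:
                return ("non-hexadecimal digits used", i)
            i += 3
        else:
            i += 1
    return None

def offending_parameter(uri, offset):
    """Name of the query parameter whose value covers the given offset (None if in the path)."""
    pos = uri.find("?") + 1
    for pair in uri[pos:].split("&"):
        if pos <= offset < pos + len(pair):
            return pair.split("=", 1)[0]
        pos += len(pair) + 1                        # skip the '&' separator
    return None

def diagnose(uri):
    """(parameter, reason) for a rejected URI, or None when the encoding is well-formed."""
    result = check_url_encoding(uri)
    if result is None:
        return None
    return (offending_parameter(uri, result[1]), result[0])

def decoded_target(uri):
    """TARGET after one round of percent-decoding, i.e. what the service behind the filter sees."""
    return unquote(uri.split("TARGET=", 1)[1])
```

The URI exactly as pasted passes this check, which suggests comparing it against the raw request line ModSecurity recorded in the audit log (SecAuditLog logs/modsec_log above) to find where the two differ.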