Mod Security Issues (using IP4.0.3)

[RazorSEdge]

I started getting Error 406's today (Mod Security).  I started getting them after adding some custom profile fields via the ACP and then when I went in the front end I noticed that although they were set to not required, they were in fact, being required.  I went to ACP, checked require, unchecked require and went to front end and edited my profile.  Now I am getting this error:

Error 406 - Not Acceptable

Generally a 406 error is caused because a request has been blocked by Mod Security. If you believe that your request has been blocked by mistake please contact the web site owner.

I am not sure if this is a bug with IP4, or something else altogether, but could really use some help as there is not a lot of documentation on tracking down what is setting off Mod Security and blocking me from my own site.

Thank you in advance!

[RazorSEdge]

Hello, doing a quick bump on this to see if anyone else has noticed any issues.

On IP3.4.x we NEVER had any mod security issues.  Now, it seems like we are having them all over the place.  Our server host has went through many logs and the issue seems to be corrupted cookies, and has instructed us to work with IPS to get it resolved.

IPS says it is a ModSecurity issue and not a software issue.  

Most of the time the cookies are corrupted when editing and saving a profile.  Mod security then sees the corrupted cookie and assumes it is an attack on the site, instantly blocking access.  A quick clearing of cookies resolves the issues until the cookie is corrupted again.

Would love to hear if anyone else is having these issues with IP4, and what could be done to resolve them without having to turn off our security.

[j4ss]

Yup! ModSecurity doesn't works with IPS4