PayPal Instant Payment Notification Warning

anniesteephan

cPanel Access Level
Root Administrator
Hi,

I am getting the following mail from PayPal.

Code:
Please check your server that handles PayPal Instant Payment Notifications (IPN). Instant Payment Notifications sent to the following URL(s) are failing:

http://billing.xx.com/plugins/gateways/paypal/callback.php

If you do not recognize this URL, you may be using a service provider that is using IPN on your behalf. Please contact your service provider with the above information. If this problem continues, IPNs may be disabled for your account.

Thank you for your prompt attention to this issue.

Thanks,
PayPal

We are using the latest version of ClientExec.

Recently I have installed ModSecurity in WHM.

Here is the ModSecurity log:

Code:
Message: Rule processing failed.
Message: Access denied with redirection to http://billing.xx.com/ using status 302 (phase 2). Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "299"] [id "960015"] [rev "3"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "Host: billing.xx.com"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"]
Action: Intercepted (phase 2)
Stopwatch: 1425287937186573 77823 (- - -)
Stopwatch2: 1425287937186573 77823; combined=399, p1=83, p2=181, p3=0, p4=0, p5=98, sr=34, sw=37, l=0, gc=0
Producer: ModSecurity for Apache/2.8.0 (http://www.modsecurity.org/); OWASP_CRS/3.0.0.
Server: Apache
Engine-Mode: "ENABLED"

callback.php is attached with this.

Is this related to ModSecurity? If so, how can I fix it?

Please help me to resolve this issue.

Thanks,

Annie
 


keat63

cPanel Access Level
Root Administrator
Apparently ModSecurity isn't foolproof, and some rules may have to be disabled to allow it to work for your particular setup.

Incidentally 960015 was one of the first ones I had to disable.
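
The two ways of handling rule 960015 for this callback, as an added example that is not part of the thread: the server-wide removal mentioned above, next to an exclusion scoped to the IPN callback path from the log. The rule id 1000101 and the placement in a custom rules file are assumptions made for this example.

```apache
# Added example, not from the original posts.
# Assumption: this goes in a custom ModSecurity rules file that Apache loads
# after the OWASP CRS files shown in the log above.

<IfModule security2_module>
    # Option 1 (what the reply describes): remove rule 960015 for every
    # request on the server. SecRuleRemoveById only works if it appears
    # after the rule it removes has been loaded.
    # SecRuleRemoveById 960015

    # Option 2 (narrower): keep 960015 ("Request Missing an Accept Header")
    # active everywhere except the PayPal IPN callback.
    # The exclusion runs in phase 1, so it takes effect before 960015 is
    # evaluated in phase 2 (the phase shown in the log entry).
    # id 1000101 is a placeholder; use any id not already used locally.
    SecRule REQUEST_FILENAME "@streq /plugins/gateways/paypal/callback.php" \
        "id:1000101,phase:1,t:none,pass,nolog,ctl:ruleRemoveById=960015"
</IfModule>
```

After Apache is restarted with option 2, a request without an Accept header to the callback should no longer produce a 960015 entry in the audit log, while the same request to any other URL still does.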