406 Error on Apache Server after Stripe Payment

Has anyone seen this error when using the Stripe button? In the button you configure a success page and a failure page. For me these are just static .html pages. After a payment Stripe redirects to the page but the Apache server gives a 406 error.

It is coming from mod_security which I have disabled by adding the following to .htaccess but it is still happening.

<IfModule mod_security.c>

SecFilterEngine Off
Preformatted textSecFilterScanPOST Off

Not Acceptable!

An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.

So the workaround to this problem is indeed to turn off mod_sec. CPanel provides a widget for mod_sec which overrides any settings in .htaccess.

My provider hides the widget but I was able to get them to turn it off.

So now I have a working Stripe success page but at what risk?

I raised a support request with Stripe which they referred to development but ultimately said not their issue.

I have read it could be the SQL Injection prevention that could be causing this but for me I do not have any control over mode_sec so cannot experiment.

Never heard of mod_sec, by the sound of it it isn’t adding any security if the code is properly written, but in the case of stripe there is in fact no code on the server.