Automation Webhook blocked by ModSecurity

Hello,

I’m sending Automation Webhook from ActiveCampaign to a PHP file on a WordPress site, in order to use some Custom Fieds values on the WordPress site.

I’m sure the Webhook is sent to the PHP, but it seems to be blocked by ModSecurity configured as active in Apache on the server.

  • In the logfile, if Modsecurity is active :


    54.225.1.90 - - [03/Jul/2023:14:21:32 +0200] “POST /wp-content/plugins/ACCountdown/ACWebhookfile.php HTTP/1.1” 404 78812 “-” “GuzzleHttp/6.5.5 curl/7.88.1 PHP/7.4.33”


  • In the logfile, if ModSecurity is inactive :


    54.225.1.90 - - [03/Jul/2023:11:49:49 +0200] “POST /wp-content/plugins/ACCountdown/ACWebhookfile.php HTTP/1.1” 200 48 “-” “GuzzleHttp/6.5.5 curl/7.88.1 PHP/7.4.33”


Apparently, GuzzleHttp is used by ActiveCampaign to send the request, but is classified as crawler and therefore is blocked by ModSecurity.


Anything already faced this issue ? Any solution ? Any option to avoid this ?


I tried to use Zapier in order to “bridge” the problem, and it’s ok, but it’s not clean. Any possible solution in the ActiveCampaign configuration ?


Regards,


Eric