Manage ModSecurity false positives

Important: As of December 1, 2020 the OpenID 2.0 integration option described in this topic is deprecated and is no longer available for new product integrations. Existing integrations that use OpenID 2.0 continue to work. For enhanced security, AppDirect recommends that you use OpenID Connect or SAML to authenticate applications, and that you migrate existing products that use OpenID 2.0 to one of those authentication methods.

The OpenID 2.0 protocol can pass encoded URLs as query string parameters, which may trigger false positives for the ModSecurity web application firewall. ModSecurity rules 1234234 and 340153 are commonly the cause.

If you encounter false positives, exclude the OpenID return URL from these rules and check if the false positives stop or notably diminish.