Every time a visitor submits any of our custom-built contact forms the server answers with “406 Not Acceptable”. We are on shared hosting and ModSecurity is clearly blocking the request; no extra plugins or custom scripts are involved, just straightforward form code that used to work flawlessly. I need someone who understands Apache rule sets, ModSecurity audits, .htaccess overrides and the nuances of shared-hosting firewalls. Your job is to track down the precise rule or pattern that trips the 406, implement a safe workaround or whitelist, and get every form sending mail again without weakening overall security. Deliverables I expect • Confirmation of the root cause with log evidence • A clean, lasting fix applied on the live site • Successful test submissions for all form variations (desktop and mobile) • A short report outlining what you changed so I can hand this to my host if needed Acceptance criteria A form submission produces a 200/302 response instead of 406, the email lands in our inbox, and no other site functionality is affected. If you have tackled ModSecurity-related false positives before, I would love to hear how quickly you can jump in.