How do I modify Apache mod_security to accept incoming IPN requests?
To permit incoming IPN requests from notify.paypal.com, which doesn't supply the User-Agent header, change the mod_security config to accept all connections from *.paypal.com. To do so, add something similar to the following line before the line denying empty User-Agent headers:
SecRule REMOTE_HOST "\.paypal\.com$" "allow,log,logdata:'Permitting incoming connection from PayPal'"
This will permit incoming connections from the paypal.com domain, while allowing you to deny other connections that don't supply the User-Agent header.
You were logged out to help protect your account.