Thanks! That's quite useful in some cases :).

My host and I can't reproduce the bug, so we're stumped...

Thank you for the quick reply and testing. Given the new info, I tried whitelisting bibbase's IP address and then just turning off Mod Security, but that didn't work. (I'm a little confused about whether "turning off Mod Security" actually means turning it off completely or just turning off certain rules. Some of the provider's docs suggest it's the latter.)

When I run the same curl request, it simply goes through. I've contacted my hosting provider explaining that I got some unexpected 406 errors, but I don't have much info to share with them given that I can't reproduce the issue.