since the beginning we used the suggestion below how to protect index.php and created an insec.php which is accessible from outside and used in the OptOut Frame instead of index.php.:
While I can completely understand the reason for the separation, unfortunately this prevents the above solution and the OptOut from working. The optout.js blocked.
Any suggestions how to handle this now? I’m reluctant to open up the WAF config for this single file.
Many thanks in advance!