Great! You have confirmed that Worldpay is posting back to your client API file/script to complete the transaction and the something in the User Agent filters is blocking the Worldpay User Agent. Luckily it does not have anything to do with the SQL Injection security filter, which is an absolute necessity to have in use. The User Agent filters are actually just nuisance filters and are not important whatsoever. 😉
So now do these Custom Code steps to save your modified BPS Query String Exploits code permanently to BPS Custom Code:
1. Copy your modified BPS Query String Exploits code above to this BPS Root Custom Code text box: CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
2. Click the Save Root Custom Code button.
3. Go to the Security Modes page, click the Create secure.htaccess File button, and activate Root folder BulletProof Mode.