Get a standard message

Request Validation has detected a potentially dangerous client input value...etc

and I have requestValidationMode = "2.0" and validateRequest = "false"

so I'd have thought the post from Worldpay would be OK, but no.

Worldpay say it is the script, so I stripped the code down to the bare minimum with absolutely no logic, so it would just display a simple page, but still no success.

I checked the worldpay.config file and that seems ok. 

debug="True"

testMode="True"

instId="the id"

callbackPW="password"

callback="the callbackurl"

remoteInstId=""

authPW=""

instantCapture="True"

key="mykey"

signature="mysignature"

acceptUrl="domain/shop/worldpayredirectsuccess/"

declineUrl="domain/shop/worldpayredirectdecline/"

the accepturl and decline url include http etc

I'm not quite sure what the relationship is between the callback and the accepturl and declineurl so don't know if that may be having an impact.

The service provider for the server suggest updating the machine.config with the page validationrequest, but that would affect everything on the server.

The pipeline seems ok but could that have an impact?

Tired and frustrated.