Firewall Options Causing Forbidden Errors

I am using All in One Security on an ecommerce website which uses woocommerce.

I have been having some issues which relate to some of the firewall settings in All in one security and I was wondering if there is a way to fix these without disabling certain features.

Firstly, I have been finding some 404 errors are being redirected to the 404 page but some of these are using parameters that are being tagged onto the end of the url by woocommerce which passes info about the traffic source.

EG. /404.html?page=/missingpageurl.html&from=https://www.google.co.uk/

These url’s are displaying a Forbidden error page

To fix some of these occurrences I have had to disable the Advanced Character String Filter in Advanced Firewall Rules. Even though this is disabled, it fixes some url’s but not all.

Is there a way to allow these url’s through the firewall without having the ‘Advanced Character String Filter’ fully disabled?

The second issue I have is that All in One Security is blocking customers who paid with Paypal and are being referred back to the website to the page url –
/checkout/order-received/123456/?key=wc_order_12345678. They are then getting a Forbidden error page. Payments are being taken it is just the thank you page isn’t being displayed.

The cause of this seemed to be the 5G and 6G blacklist options. I have turned it off so it works but would prefer it to be enabled.

Is there a way to allow url referrals from Paypal to the thank you page without having to disabled the 5G and 6G options?