Had a similar problem as this, and the solution ended up being to modify two rules in our ModSecurity settings.
We’re with liquidweb, and they are the ones who figured this out.
I don’t know ModSecurity at all, so I don’t know if the rule ID’s are a standardized thing, or if they are unique to each server setup, but for us, the two rules were:
340464, and 340465
The “Justification” for both of these rules were identical:
Match of "rx ://%{SERVER_NAME}/" against "ARGS:acf[field_52881450ecaab]" required.