SecRule REQUEST_URI "@beginsWith /m/payment" "phase:1,id:123456,allow"
This should fix your problem. Be sure it is loaded before the other rule. And 'id' can be adjusted.
