Ok, the exact location shoudl be in your httpd.conf, it should be a line indicating to include something similar to:
/etc/httpd/conf/modsecurity.conf

The default rules are:
Code
    # Only accept request encodings we know how to handle
    # we exclude GET requests from this because some (automated)
    # clients supply "text/html" as Content-Type
    SecFilterSelective REQUEST_METHOD "!^GET$" chain
    SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"
 
    # Require Content-Length to be provided with
    # every POST request
    SecFilterSelective REQUEST_METHOD "^POST$" chain
    SecFilterSelective HTTP_Content-Length "^$"

    # Don't accept transfer encodings we know we don't handle
    # (and you don't need it anyway)
    SecFilterSelective HTTP_Transfer-Encoding "!^$"
 
# WEB-ATTACKS /bin/sh command attempt
SecFilter "/bin/sh"
 
# WEB-ATTACKS ps command attempt
SecFilterSelective THE_REQUEST "/bin/ps"
 
# WEB-ATTACKS /bin/ps command attempt
# SecFilterSelective THE_REQUEST "ps\x20"
 
# WEB-ATTACKS wget command attempt
SecFilter "wget\x20"
 
# WEB-ATTACKS uname -a command attempt
SecFilter "uname\x20-a"
 
# WEB-ATTACKS /usr/bin/id command attempt
SecFilter "/usr/bin/id"
 
# WEB-ATTACKS id command attempt
SecFilter "\;id"
 
# WEB-ATTACKS echo command attempt
SecFilter "/bin/echo"
 
# WEB-ATTACKS kill command attempt
SecFilter "/bin/kill"
 
# WEB-ATTACKS chmod command attempt
SecFilter "/bin/chmod"
 
# WEB-ATTACKS chgrp command attempt
SecFilter "/chgrp"
 
# WEB-ATTACKS chown command attempt
SecFilter "/chown"
 
# WEB-ATTACKS chsh command attempt
SecFilter "/usr/bin/chsh"
 
# WEB-ATTACKS tftp command attempt
SecFilter "tftp\x20"
 
# WEB-ATTACKS gcc command attempt
SecFilter "gcc\x20-o"
 
# WEB-ATTACKS cc command attempt
#SecFilter "cc\x20"
 
# WEB-ATTACKS /usr/bin/cpp command attempt
SecFilter "/usr/bin/cpp"
 
# WEB-ATTACKS cpp command attempt
SecFilter "cpp\x20"
 
# WEB-ATTACKS /usr/bin/g++ command attempt
SecFilter "/usr/bin/g\+\+"
 
# WEB-ATTACKS g++ command attempt
SecFilter "g\+\+\x20"
 
# WEB-ATTACKS bin/python access attempt
SecFilter "bin/python"
 
# WEB-ATTACKS python access attempt
SecFilter "python\x20"
 
# WEB-ATTACKS bin/tclsh execution attempt
SecFilter "bin/tclsh"
 
# WEB-ATTACKS tclsh execution attempt
SecFilter "tclsh8\x20"
 
# WEB-ATTACKS bin/nasm command attempt
SecFilter "bin/nasm"
 
# WEB-ATTACKS nasm command attempt
SecFilter "nasm\x20"
 
# WEB-ATTACKS /usr/bin/perl execution attempt
SecFilter "/usr/bin/perl"
 
# WEB-ATTACKS perl execution attempt
SecFilter "perl\x20"
 
# WEB-ATTACKS traceroute command attempt
SecFilter "traceroute\x20"

# WEB-ATTACKS ping command attempt
SecFilter "/bin/ping"
 
# WEB-ATTACKS netcat command attempt
SecFilter "nc\x20"
 
# WEB-ATTACKS nmap command attempt
SecFilter "nmap\x20"

# WEB-ATTACKS xterm command attempt
SecFilter "/usr/X11R6/bin/xterm"
 
# WEB-ATTACKS X application to remote host attempt
SecFilter "\x20-display\x20"
 
# WEB-ATTACKS lsof command attempt
SecFilter "lsof\x20"
 
# WEB-ATTACKS rm command attempt
SecFilter "rm\x20"
 
# WEB-ATTACKS mail command attempt
SecFilter "/bin/mail"
 
# WEB-ATTACKS /bin/ls command attempt
SecFilterSelective THE_REQUEST "/bin/ls"
 
# WEB-ATTACKS /etc/inetd.conf access
SecFilter "/etc/inetd\.conf" log,pass
 
# WEB-ATTACKS /etc/motd access
SecFilter "/etc/motd" log,pass
 
# WEB-ATTACKS /etc/shadow access
SecFilter "/etc/shadow" log,pass
 
# WEB-ATTACKS conf/httpd.conf attempt
SecFilter "conf/httpd\.conf" log,pass
 
# WEB-ATTACKS .htgroup access
SecFilterSelective THE_REQUEST "\.htgroup" log,pass

# WEB-CGI rksh access
SecFilterSelective THE_REQUEST "/rksh"
 
# WEB-CGI bash access
SecFilterSelective THE_REQUEST "/bash" log,pass
 
# WEB-CGI perl command attempt
SecFilterSelective THE_REQUEST "/perl\?"
 
# WEB-CGI zsh access
SecFilterSelective THE_REQUEST "/zsh"
 
# WEB-CGI csh access
SecFilterSelective THE_REQUEST "/csh"
 
# WEB-CGI tcsh access
SecFilterSelective THE_REQUEST "/tcsh"
 
# WEB-CGI rsh access
SecFilterSelective THE_REQUEST "/rsh"
 
# WEB-CGI ksh access
SecFilterSelective THE_REQUEST "/ksh"
 
# WEB-CGI icat access
SecFilterSelective THE_REQUEST "/icat" log,pass
 
# WEB-CGI /cgi-bin/ls access
SecFilterSelective THE_REQUEST "/cgi-bin/ls" log,pass
 
# WEB-CLIENT Javascript document.domain attempt
SecFilter "document\.domain\("
 
# WEB-CLIENT Javascript URL host spoofing attempt
SecFilter "javascript\://"
 
# WEB-MISC cross site scripting \(img src=javascript\) attempt
SecFilter "img src=javascript"
 
# WEB-MISC .htpasswd access
SecFilter "\.htpasswd"
 
# WEB-MISC http directory traversal
SecFilter "\.\.\\"
 
# WEB-MISC http directory traversal
SecFilter "\.\./"
 
# WEB-MISC ls%20-l
SecFilter "ls\x20-l"
 
# WEB-MISC /etc/passwd
SecFilter "/etc/passwd"
 
# WEB-MISC .htaccess access
SecFilter "\.htaccess"
 
# WEB-MISC cd..
SecFilter "cd\.\."
 
# WEB-MISC /.... access
SecFilter "/\.\.\.\."
 
# WEB-MISC cat%20 access
SecFilter "cat\x20"
 
# WEB-MISC long basic authorization string
SecFilter "Authorization\: Basic "
 
# WEB-MISC .history access
SecFilterSelective THE_REQUEST "/\.history"
 
# WEB-MISC .bash_history access
SecFilterSelective THE_REQUEST "/\.bash_history"
 
# WEB-MISC *%0a.pl access
SecFilterSelective THE_REQUEST "/*\x0a\.pl"
 
# WEB-MISC apache ?M=D directory list attempt
SecFilterSelective THE_REQUEST "/\?M=D" log,pass
 
# WEB-MISC server-status access
SecFilterSelective THE_REQUEST "/server-status" log,pass
 
# WEB-MISC Transfer-Encoding\: chunked

SecFilter "chunked"
 
# WEB-MISC perl post attempt
SecFilterSelective THE_REQUEST "/perl/" chain
SecFilter "POST"
 
# WEB-MISC mod_gzip_status access
SecFilterSelective THE_REQUEST "/mod_gzip_status" log,pass
 
# WEB-PHP squirrel mail spell-check arbitrary command attempt
SecFilterSelective THE_REQUEST "/squirrelspell/modules/check_me\.mod\.php" chain
SecFilter "SQSPELL_APP\["
 
# WEB-PHP squirrel mail theme arbitrary command attempt
SecFilterSelective THE_REQUEST "/left_main\.php" chain
SecFilter "cmdd="
 
# WEB-PHP phpbb quick-reply.php arbitrary command attempt
SecFilterSelective THE_REQUEST "/quick-reply\.php" chain
SecFilter "phpbb_root_path="
 
# WEB-PHP phpbb quick-reply.php access
SecFilterSelective THE_REQUEST "/quick-reply\.php" log,pass
SecFilterSelective THE_REQUEST "\.php" chain
SecFilter "path=http\://"
 
# WEB-PHP Mambo uploadimage.php upload php file attempt
SecFilterSelective THE_REQUEST "/uploadimage\.php" chain
SecFilter "\.php"
 
# WEB-PHP Mambo upload.php upload php file attempt
SecFilterSelective THE_REQUEST "/upload\.php" chain
SecFilter "\.php"
 
# WEB-PHP Mambo uploadimage.php access
SecFilterSelective THE_REQUEST "/uploadimage\.php" log,pass
 
# WEB-PHP Mambo upload.php access
SecFilterSelective THE_REQUEST "/upload\.php" log,pass
 
# WEB-PHP phpBB privmsg.php access
SecFilterSelective THE_REQUEST "/privmsg\.php" log,pass

# WEB-PHP test.php access
SecFilterSelective THE_REQUEST "/test\.php" log,pass

# WEB-PHP phpBB viewtopic.php
SecFilterSelective THE_REQUEST "viewtopic.php" chain 
SecFilterSelective "THE_REQUEST|ARG_VALUES" "(system|exec|passthru|cmd|fopen|exit|fwrite)" deny,log

# EXTRAS

SecFilter "/boot"
SecFilter "/dev"
SecFilter "/etc"
SecFilter "/initrd"
SecFilter "/lost+found"
SecFilter "/mnt"
SecFilter "/proc"
SecFilter "/root"
SecFilter "/sbin"
SecFilter "/tmp"
SecFilter "/usr/local/apache"
SecFilter "/var/spool"
SecFilter "/bin/cc"
SecFilter "/bin/gcc"
SecFilter "<[[:space:]]*script"
SecFilter "<(.|\n)+>"
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"

But can be updated easily. Additionally a log should be created (should you specify Mod_Security to do so) in a directory similar to (this can be changed in the mod_security configuration file mentioned above):
/var/log/httpd/audit_log

Theres a whole post on setting it up here which includes some keywords which will conflict with forums and forms in general.

I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!