I've been working with mod_security and it's been running fine except when dealing with soap and specifically wsdl.  If I'm just using soap, I don't have an issue, but if wsdl is used, I get 401 Unauthorized errors.   

mod_security's logs all report rules that either "pass" or "SkipAfter" and nothing that appears to outright reject anything.   I've been banging on this for hours and I just can't figure out how to get the wsdl through mod_security.

Does mod_security have issues with wsdl?  Does it mangle part of the request?  I would think it wouldn't alter a request at all.  It would either let it pass, or discard it.

I've had these issues with using a URL in a browser window and also with Ruby's SOAP4R soap library.