[mod-security-users] escape character problem - mod_security v1.9.2

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi all:

I am using mod_security 1.9.2 and Apache 2.0.55(Win32).
The server and client OS are Windows XP Pro SP2(Japanese).
Client browser is IE 6.0 SP2.

Here is my problem. I want mod_security to filter a combined character \"(escape + double quotation). 
I set modsecurity.conf like below.

##
SecFilterSelective POST_PAYLOAD "&ARG_parameter1=" chain
SecFilter "&ARG_parameter1=\\\"&"
##

I thought that regex patern \\\" can match string \". Unfortunately, It doesn't work at all. 
But if you set modsecurity.conf like this,

##
SecFilterSelective POST_PAYLOAD "&ARG_parameter1=" chain
SecFilter "\\\""
##

It works well. 
What a strange! Can someone help me to figure out what this problem? 

My purpose is:
1. Filter and only filter the string \"
2. Don't filter parameters in the post body except parameter ARG_parameter1(assumed)

The post body in log likes this:
sticky=0&ARG_parameter1=%5C%22&password=1

The other related configuration I thought is like below,

####
    SecFilterEngine On
    SecFilterScanPOST On

    SecFilterSelective HTTP_Transfer-Encoding "!^$"

    SecFilterInheritance On
    SecFilterInheritanceMandatory On

    SecFilterCheckURLEncoding On
    SecFilterCheckUnicodeEncoding On

    SecFilterSelective REQUEST_METHOD "^POST$" chain
    SecFilterSelective HTTP_Content-Length "^$" 

####

The same problem also happens to the combined character \'(escape + single quotation).
Please help!

Thanks in advance.