One other follow-up – for anyone that is playing around with the RegEx values, you really should get one of the cool RegEx GUI tools available to help you. Please see Ofer's latest Blog post - http://www.modsecurity.org/blog/archives/2007/03/regular_express.html . These tools tremendously help to trouble-shoot and verify that your RegEx values will indeed match the target request data.
The other important method to use is to turn up the debug log level and submit requests with your new RegEx and see if it matches in the debug log. This is an important step outlined in this Blog post - http://www.modsecurity.org/blog/archives/2007/02/handling_false.html .
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
Author: Preventing Web Attacks with Apache
Web Security Threat Report Webinar on May 9, 2007 (12 pm EST)
Learn More About the Breach Webinar Series: