Attempting to redirect a portion of a subnet to a particular website/URL:

   SecFilterSelective REQUEST_URI "portal.html" log,allow
   SecFilterSelective REMOTE_ADDR "^192\.168\.0\.200-210$" log,redirect:

works except for the situation when the browser is first started, in which case I get a standard 404 (oh, at this point, I should probably let you know that I'm intercepting DNS queries from hosts in the range and resolving *everything* to  So, why is the web server is seeing URL with tail-end that look like this?:
   en-us/ie/default.aspx (in the case of the IE start page
   firefox?client=firefox-a&rls=org.mozilla:en-US:official (in the case of the firefox start page

I'm not quite understanding why mod_security isn't catching these... but I really don't care either (other than this behavior causes me to have less confidence in mod_security).

What I want to do is just redirect all 404s to without having to use .htaccess or mod_redirect (not installed on this particular config).

I've done a modest amount of STFW and can't find anything that indicates if mod_security can handle this or not.

...any help or pointers would be greatly appreciated