Attempting to redirect a portion of a subnet to a particular website/URL:

   SecFilterSelective REQUEST_URI "portal.html" log,allow
   SecFilterSelective REMOTE_ADDR "^192\.168\.0\.200-210$" log,redirect: http://192.168.0.1/portal.html

works except for the situation when the browser is first started, in which case I get a standard 404 (oh, at this point, I should probably let you know that I'm intercepting DNS queries from hosts in the 192.168.0.200-210 range and resolving *everything* to 192.168.0.1).  So, why is the web server is seeing URL with tail-end that look like this?:
 
   en-us/ie/default.aspx (in the case of the IE start page http://msdn2.microsoft.com/en-us/ie/default.aspx)
   firefox?client=firefox-a&rls=org.mozilla:en-US:official (in the case of the firefox start page http://en-us.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official)

I'm not quite understanding why mod_security isn't catching these... but I really don't care either (other than this behavior causes me to have less confidence in mod_security).

What I want to do is just redirect all 404s to http://192.168.0.1/portal.html without having to use .htaccess or mod_redirect (not installed on this particular config).

I've done a modest amount of STFW and can't find anything that indicates if mod_security can handle this or not.

...any help or pointers would be greatly appreciated