MOD_SECURITY rule help

Discussion in 'Security' started by Tearabite, Jan 3, 2011.

  1. #1
    I realized that mod_security wasn't catching a lot of spam-posts on my site. It seems that comment-posts and certain types of new-page posts are working properly, but new forum-posts are not.
    Here is a test-rule I have made:

    SecRule REQUEST_METHOD "POST"
    SecRule REQUEST_BODY "spammyword|www.spammysite.com" \
    "rev:2,severity:'3',msg:'Keyword blocked'"
    If I reply to an existing page/post with the keywords above, modsecurity blocks it; if I create a new page (path /node/add/page), it blocks it; but if I create a forum-topic or blog entry (node/add/forum or node/add/blog), it lets it right through!
    Any tips or help on how to troubleshoot this?
     
    Tearabite, Jan 3, 2011 IP
  2. Tearabite
    #2
    I've found that the problem is between the Drupal 6.x Upload module and the mod_security t:lowercase directive. I made a post over at Drupal if anyone cares to look into it: http://drupal.org/node/1013764
     
    Tearabite, Jan 3, 2011 IP