Notes on MOD Security

mod_security, modsec, or ModSecurity, as it's called by the maker Atomicorp, has been a standard on Apache hosting servers for some time now. If you are hosting for a wide range of client types, you have undoubtedly run into a few issues with the strict rules that some hosting providers implement by default.

Viewing the ModSecurity Log

The Mod Security Log can be found on a typical server here:
/usr/local/apache/logs/error_log

Searching the Mod Security log for something specific is a simple grep:
grep "yadda yadda" /usr/local/apache/logs/error_log
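
Before whitelisting anything, it helps to know which rule id fired for which client and site. The shell function below is an added example, not part of the original article: it counts ModSecurity denials in the error log per rule id, client IP and hostname. It assumes the `[client ...]`, `[id "..."]` and `[hostname "..."]` tags that ModSecurity 2.x writes and IPv4 clients; the sample log lines, addresses, rule id 8888 and the rule file path are constructed.

```shell
#!/bin/sh
# Added example: summarise ModSecurity denials in an Apache error log.

# Usage: modsec_summary /usr/local/apache/logs/error_log
#        (reads standard input when no file is given)
# Output: "COUNT RULE_ID CLIENT HOSTNAME", most frequent first.
modsec_summary() {
    awk '
    /ModSecurity:/ {
        id = client = host = "-"
        if (match($0, /\[id "[0-9]+"\]/))
            id = substr($0, RSTART + 5, RLENGTH - 7)
        if (match($0, /\[client [^]]+\]/))
            client = substr($0, RSTART + 8, RLENGTH - 9)
        sub(/:[0-9]+$/, "", client)   # Apache 2.4 logs IPv4 clients as ip:port
        if (match($0, /\[hostname "[^"]*"\]/))
            host = substr($0, RSTART + 11, RLENGTH - 13)
        count[id " " client " " host]++
    }
    END { for (k in count) print count[k], k }' "$@" | sort -k1,1nr -k2
}

# Constructed sample lines (placeholder rule file path, documentation IPs).
sample_log() {
    cat <<'EOF'
[Tue Mar 05 10:15:01 2024] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [file "/path/to/rules.conf"] [line "88"] [id "7777"] [msg "sample"] [hostname "shop.example.com"] [uri "/search.php"]
[Tue Mar 05 10:15:09 2024] [:error] [pid 4321] [client 203.0.113.7:51544] ModSecurity: Access denied with code 403 (phase 2). [file "/path/to/rules.conf"] [line "88"] [id "7777"] [msg "sample"] [hostname "shop.example.com"] [uri "/search.php"]
[Tue Mar 05 10:16:30 2024] [error] [client 198.51.100.20] ModSecurity: Access denied with code 403 (phase 2). [file "/path/to/rules.conf"] [line "140"] [id "8888"] [msg "sample"] [hostname "blog.example.com"] [uri "/wp-login.php"]
[Tue Mar 05 10:16:31 2024] [error] [client 198.51.100.20] File does not exist: /home/user/public_html/favicon.ico
[Tue Mar 05 10:17:02 2024] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [file "/path/to/rules.conf"] [line "140"] [id "8888"] [msg "sample"] [hostname "shop.example.com"] [uri "/contact.php"]
EOF
}

# Demo on the constructed sample; the non-ModSecurity line is ignored.
sample_log | modsec_summary
```

The rule id in a row for a client you trust is the value to use in a whitelist entry; a row with an unfamiliar client is a reason to look at the request before exempting anything.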

Whitelisting a server IP for All Rules

The whitelist file is typically first to be included and can be used to dictate that some or all rules be ignored for a website or IP address.

Edit the whitelist file with your favorite editor!
vi /usr/local/apache/conf/modsec/00_asl_whitelist.conf

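Commands can be complicated, for example:
SecRule REMOTE_ADDR "^1\.2\.3\.4$" "id:12345,phase:2,t:none,pass,nolog,noauditlog,ctl:ruleRemoveById=7777"

In the above we are whitelisting the IP address 1.2.3.4 for the rule 7777. The trailing $ anchors the pattern so that it matches 1.2.3.4 only; without it, the same rule would also exempt addresses such as 1.2.3.40 or 1.2.3.45.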

Refer to the ModSecurity manual for details:
http://www.atomicorp.com/wiki/index.php/Mod_security

Remember to restart the HTTPD server for the changes to take effect:

service httpd restart

