[ Thanks to Caitlyn Martin for this link.
“Deploying Drupal on an Apache web server with
mod_security or adding mod_security to an Apache server with Drupal
running should be as easy as installing the relevant packages.
Unfortunately, on Red Hat Enterprise Linux (RHEL) 5.4 and 5.5
servers it just isn’t so. This is due to a combination of a bug and
an outdated Core Rule Set (CRS) in the current mod_security package
in the EPEL (Extra Packages for Enterprise Linux) repository. I’ve
seen lots of posts online where people were struggling with this
combination so I decided a how-to article was in order.
“The problems are entirely in the mod_security package. I’ve
written this from the perspective of having Apache and Drupal
already running and adding mod_security, which is how I did it on
four web servers recently. However, the order in which you install
things really shouldn’t matter. I am also assuming that most
readers will have already added EPEL to their sources for yum or at
least be aware of how to do that. These instructions will also work
on other Linux distributions which are binary compatible with RHEL
including CentOS and Scientific Linux.”