This article sheds some light concepts pertaining to the WAF-like feature functionality of mod_security in Apache.
You can download it from the following link: https://packetstormsecurity.com/files/download/118925/addressing-attacks.pdf
Source: https://packetstormsecurity.com/files/118925/Address-Application-Layer-Attacks-With-Mod-Security.html