mod_security part deux
I had another run-in with an overzealous mod_sec rule today. This time I was testing some new tags on my comment form, one of which is a code block. When inserting any perl or python code into the block and submitting it, mod_security flags it as an attempted command injection. When trying to post the following (either "python" or "perl"):
<div>Python Code</div>
I get a 501, method not allowed on "python" (or "perl")
[data ";\x22>python"]
The culprit is a pretty simple rule in modsecurity_crs_40_generic_attacks.conf, id 950006:
...p(?:asswd|ython|erl|ing|s)...
Deleting "ython|erl|" was enough for me to solve that little issue. I don't run any python or perl scripts on my server so it's not a terrible inconvenience for me to disable checking for those injection attempts, though if you do run those scripts, you may want to find another way to handle it.
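One such "other way", as an added example that is not from the original post: leave the CRS file untouched and scope an exclusion for rule 950006 in a local config file, so the rule keeps matching "python" and "perl" everywhere else and the change survives a rule set update. The path `/comment-post` and the parameter name `comment` are hypothetical, and this assumes ModSecurity 2.6 or later and that the rule inspects `ARGS`.

```apache
# Added example. Put this in a local file that Apache loads AFTER the
# CRS rule files, so that rule 950006 is already defined when these
# directives are processed.
#
# Assumptions (not from the original post):
#   - the comment form posts to /comment-post
#   - the field holding the code block is named "comment"

# Option A (narrowest): rule 950006 stays active for every request,
# but no longer inspects the one field that legitimately carries
# code samples. All other parameters, and cookies, are still checked.
SecRuleUpdateTargetById 950006 "!ARGS:comment"

# Option B (coarser): turn rule 950006 off only for the comment
# handler, leaving it enabled for the rest of the site.
# Use either A or B, not both.
#<LocationMatch "^/comment-post$">
#    SecRuleRemoveById 950006
#</LocationMatch>
```

With either option the excluded input is no longer screened by this rule, so the comment handler has to treat the field strictly as text and never pass it to a shell or interpreter.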

