SecFilterEngine On
SecFilterSignatureAction log,deny,status:500
SecFilter /bin/sh "id:1001,rev:2,severity:2,msg:'/bin/sh attack attempt'"
# Regel für die Version 1.8
# SecFilter bin/sh