Hmm, for me it worked.
Did you follow the step here:
http://www.faqforge.com/linux/apache...n-6-0-squeeze/
Code:
To enable mod-security, edit the file
vi /etc/apache2/mod-security/modsecurity_crs_10_config.conf
and remove the # in front of the line:
SecDefaultAction “phase:2,log,deny,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace”