SecRuleEngine On 
SecRequestBodyAccess On
SecRule REQUEST_HEADERS:Content-Type "text/xml" \
     "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
SecRequestBodyLimit 1048576000
SecRequestBodyNoFilesLimit 73400320
SecRequestBodyInMemoryLimit 1048576
SecRequestBodyLimitAction Reject
SecPcreMatchLimit 500000
SecPcreMatchLimitRecursion 500000
SecRule TX:/^MSC_/ "!@streq 0" \
        "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml
SecResponseBodyLimit 1048576
SecResponseBodyLimitAction ProcessPartial
SecTmpDir "C:\inetpub\temp\modsec\"
SecDataDir "C:\inetpub\temp\modsec\"
SecUploadDir "C:\inetpub\temp\modsec\"
SecUploadKeepFiles RelevantOnly
SecUploadFileMode 0640
SecAuditEngine On
SecStatusEngine On
SecAuditLogParts ABIJKEFHZ
SecAuditLogType Serial
SecAuditLog "| C:\Windows\System32\inetsrv\mlogc.exe C:\Windows\System32\inetsrv\mlogc.conf"
SecAuditLogStorageDir "C:\inetpub\logs\audit"
SecArgumentSeparator &
SecCookieFormat 0
SecDefaultAction "phase:2,log,deny,status:403"

SecRule REQUEST_BODY "(?:/etc/passwd|/etc/shadow|/proc/self/environ|uname -a|uname -r)" 
"phase:2,t:none,t:lowercase,log,deny,id:'99001',msg:'Custom Rules - Command execution attack'"