The ModSecurity Reference Manual should be used in all cases where questions arise over the syntax of commands: “https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual”.
In terms of rule writing, the main directive to know is SecRule, which is used to create rules and thus does most of the work.
Every rule defined by SecRule conforms to the same format, as below:
SecRule VARIABLES OPERATOR [ACTIONS]
The three parts have the following meanings: