Mod_Security Issues

[optimushunk]

I have been getting errors in my mod_security saying:

         Access denied with code 501 (phase 2). Pattern match "(?:\b(?:(?:n(?:et(?:\b\W+?\blocalgroup|\.exe)|(?:map|c)\.exe)|t(?:racer(?:oute|t)|elnet\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\.exe|echo\b\W*?\by+)\b|c(?:md(?:(?:32)?\.exe\b|\b\W*?\/c)|d(?:\b\W*?[\\/]|\W*?\.\.)|hmod.{0,40}?\+.{0,3}x))|[\;\|\`]\W*? ..." at ARGS:action. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "139"] [id "950006"] [msg "System Command Injection"] [data ";id"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"]

I have been going mad in figuring out what is wrong..

It comes up when i go to a gallery section within SMF..

 

[optimushunk]

Solved by removing the rule. Do we modify them or just remove it ? I wanted it done urgently, but no help ..