Unless there's an obvious flaw in this somewhere, this seems to work for me: SecFilterSelective REQUEST_METHOD "!^GET$" chain SecFilterSelective REQUEST_URI "/cgi-bin/mailman/" chain SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)" Hope this helps someone else. :) -- Re-Interpreting Historic Miracles with SED #141: %s/water/wine/g