I am testing modsecurity for the first time and am trying to understand writing the rules.

Currently I am trying to limit a sample rule to a specific directory.

The setup is modsecurity 2.1.3/Apache 2.x/Fedora.

My php sample page lives in 2 directories: /protected & /virgin
PHP Code:

if ( isset($_GET['attack']) )
"who me??";

My rules config looks like this currently which does not work, but I have also tried the <Directory> and the regular <Location> directives with no luck. If I comment out the <LocationMatch> </LocationMatch> lines the rule works just fine. I've seen other pre-made rules use the LocationMatch directive so I don't know what I'm doing wrong. Any ideas?

# Drop your local rules in here.

<LocationMatch "/var/www/html/modsec/protected/index.php">
# Sample test rule 
  SecRule ARGS "attack" "log,deny,phase:1,redirect:http://www.example.com"