ModSecurity rule exclusions for Elgg

Has anyone constructed a robust set of ModSecurity firewall rule exclusions for Elgg?

You probably won't need them until enabling HTML content, which upsets the firewall as it looks like a code injection attack. I think since most plugins should follow the same design pattern, rules could be developed that are specific enough to Elgg but open enough not to break any plugins.

This is what I currently have, but it is obviously too broad and needs to be narrowed more. I'd appreciate any suggestions, or if somebody has already gone through this ordeal, please advise:

 SecRule REQUEST_FILENAME "@contains /edit/" \
     "id:1001,phase:request,pass,nolog,\
     ctl:ruleRemoveById=941000-942999"

 SecRule REQUEST_FILENAME "@contains /action/" \
     "id:1002,phase:request,pass,nolog,\
     ctl:ruleRemoveById=941000-942999"

Can't we narrow down the contains pattern or do a better regex without breaking most plugins? Can't I narrow down the rule exclusions by ID more, or does that seem about appropriate?
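
One way to narrow the `/action/` exclusion, as an added example that is not part of the original post. It assumes OWASP CRS 3.x (whose XSS rules carry the `attack-xss` tag), an Elgg site at the web root, and `description` as the name of the rich-text field; the field name is a placeholder to be replaced with the arguments your audit log actually reports.

```apache
# Added example, not from the original post.
# Assumptions: OWASP CRS 3.x tags, Elgg served from the web root, and
# "description" as the HTML field name (placeholder, check the audit log).
# Load this file before the CRS rule files so ctl affects the same request.

# Weak form (from the post): disables every 941xxx and 942xxx rule for all
# arguments, cookies and headers on any URL that merely contains "/action/".
# SecRule REQUEST_FILENAME "@contains /action/" \
#     "id:1002,phase:request,pass,nolog,\
#     ctl:ruleRemoveById=941000-942999"

# Narrower form:
#   - the path must start with /action/ rather than contain it anywhere
#   - only POST requests qualify
#   - only the named argument is exempted, and only from rules tagged
#     attack-xss; the 942xxx SQLi rules and every other input stay inspected
# ctl sits on the last rule of the chain because non-disruptive actions
# fire when their own rule matches, not when the whole chain matches.
SecRule REQUEST_FILENAME "@beginsWith /action/" \
    "id:1002,phase:request,pass,t:none,nolog,chain"
    SecRule REQUEST_METHOD "@streq POST" \
        "t:none,ctl:ruleRemoveTargetByTag=attack-xss;ARGS:description"
```

Whether the `/edit/` rule is needed at all depends on whether those URLs receive the HTML content or only display the form; the audit log entries for blocked requests show which URL, rule ID and argument name to target.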