I notice that my mod_security is blocking a tonne of actions, often even ones that are not malicious. I am currently using the default rule. I use this server for clients of my shared hosting. What is the best rule to use?
Nobody tell you what rules are best for YOUR server.
Default rules are strict.
It naturally if you change or delete some of them.
But please read mod_security carefully before.
And try to understand what every rule to do before change it.