Drupal Security Hijinks


Posted on 15 August 2005 by jose

I've been playing around with Drupal on this site (on the back-end, naturally). I really like its modularity. Amusingly, I'm running into security problems when trying to do various Drupal administrative tasks, indicating that my Apache app firewall's rather paranoid settings are finally coming back to bite me. I initially slapped together a config file for the security module that had no subtlety, intending to return to it to fine-tune it. Drupal's usage of HTTP POST to send some data is likely the cause of the problem; I will have to write a new, more flexible rule so that POST payloads are still examined and hopefully rejected if they contain digital skullduggery intended to break/access my server. Which means really sitting down with both the Drupal source code and the mod_security handbook to reconcile the two parties. I have to find a way to maintain security without losing functionality.
