modsec2 whitelist rules and negative rules recipe list

[inetbiz]

Could anyone with a strong modsec2 background get with others to collaborate on useful modsec2 custom rules for both whitelisting and 500 denies with audit logging?