phranque - 6:51 am on Oct 23, 2012 (gmt 0)
pure and simple - with HTTPS you cannot do anything on the web server until the SSL/TLS handshake is complete and the secure connection is made.
mod_sec knows absolutely nothing about the HTTPS request until after SSL/TLS has done its thing.
if you don't make a secure connection, you don't have a mod_sec problem.
i would shut down port 443 for that IP and stop serving the cert.