How to drop all requests using mod_security

view story

http://serverfault.com – I have an apache2 server with several sites enabled on it, including the default one (000default). The default server is catching lots of spammy requests that are doing nothing but consume bandwidth and fill up the log file. What would be a minimal virtual host config that would drop all requests that hit the default site? This is what I have so far using mod_security, but it seems to do nothing but respond with a 403 for all requests: <VirtualHost *:80> ServerName default.only SecRuleEngine On SecAction "drop,phase:1" </VirtualHost> (HowTos)