Using my honeypot server, I’ve been able to capture some examples of Log4J attempts against it. What this shows is that the ModSecurity rules in place have, so far, been able to block the various attempts, at least in this anecdotal subset of examples.

Setting up ModSecurity with NGINX and Log4J rules: https://davidwesterfield.net/2021/12/log4j-and-modsecurity/

Setting up ModSecurity with Apache and Log4J rules: https://davidwesterfield.net/2021/12/log4j-apache-and-modsecurity/