Shared hosting means you might not be able to do this, but ... worth a look:
Out of the box, modsecurity doesn’t do anything as it needs rules to work. The default configuration file is set to DetectionOnly which logs requests according to rule matches and doesn’t block anything.
You, the op, could then see what rules were triggered and 'whitelist' them.
Once mod_security stops complaining, turn it on.