ModSecurity rule exceptions were in <Directory> block in Apache templates, this is the reason why they did not work for global aliases like /roundcube. |MOD_SECURITY_RULES| is moved outside <Directory> block now, so that it would work for the whole virtualhost.