
block php file access (using mod_sec)


How can I block all access to a PHP file using mod_sec?

The file name has the form sm6#.php, where # is a random digit.


Solution

  • You can do it with a simple single rule such as:

    # ModSecurity 2.7+ requires a unique id on every rule; 10001 is a placeholder.
    SecRule REQUEST_LINE "@rx sm6[0-9]{1,}\.php" \
        "id:10001,phase:2,block,severity:2,msg:'Blocking access to sm6#.php files.'"
    

    In this case, the {1,} means at least 1 digit (after the number 6) in the filename. You could change it to 2, 3, 4, or even 100 if you wanted to. Or restrict it to minimum 2 digits and maximum 6 digits using {2,6}. It uses PCRE pattern matching, so it's up to you!
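To see what the quantifier choices above actually match, here is an added example (not part of the original answer) that runs the answer's pattern and its `{2,6}` variant over constructed request lines, emulating `@rx` as an unanchored search with Python's `re`, which behaves the same as PCRE for these patterns. `STRICT_RULE` is an assumed tighter pattern, not something the answer proposes.

```python
import re

# Patterns as they would be passed to ModSecurity's @rx operator.
ANSWER_RULE = r"sm6[0-9]{1,}\.php"     # the rule from the answer
BOUNDED_RULE = r"sm6[0-9]{2,6}\.php"   # the {2,6} variant the answer mentions
# Assumption (not from the answer): match only when the file name is the
# last path segment, optionally followed by a query string.
STRICT_RULE = r"^\S+ [^?\s]*/sm6[0-9]+\.php(?:\?\S*)? HTTP/"


def rx(pattern: str, request_line: str) -> bool:
    """Emulate @rx: an unanchored, case-sensitive regex search."""
    return re.search(pattern, request_line) is not None


# Constructed sample values of REQUEST_LINE (method, URI, protocol).
SAMPLES = [
    "GET /sm61.php HTTP/1.1",                 # one digit after the 6
    "POST /uploads/sm6123.php?a=1 HTTP/1.1",  # three digits, with a query
    "GET /sm6.php HTTP/1.1",                  # no digit after the 6
    "GET /sm61234567.php HTTP/1.1",           # seven digits after the 6
    "GET /search.php?q=sm61.php HTTP/1.1",    # name appears only in the query
    "GET /docs/sm61.php.txt HTTP/1.1",        # name is a prefix of another file
]


def evaluate(samples=SAMPLES):
    """Return {request_line: (answer, bounded, strict)} match results."""
    return {
        line: (rx(ANSWER_RULE, line), rx(BOUNDED_RULE, line), rx(STRICT_RULE, line))
        for line in samples
    }


if __name__ == "__main__":
    print(f"{'answer':<8}{'{2,6}':<8}{'strict':<8}request line")
    for line, (a, b, s) in evaluate().items():
        print(f"{a!s:<8}{b!s:<8}{s!s:<8}{line}")
```

Because `REQUEST_LINE` includes the query string and the pattern is unanchored, the answer's rule also fires on the last two samples, which do not request an `sm6#.php` file at all.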