Is there any simple way to detect if mod_security is installed & enabled using just PHP? Ideally without any exec() terminal type commands to be executed.
Some people have recommended using apache_get_modules() but this specific web-host does not allow it to show. This is also mentioned by other users here: http://www.devcomments.com/apache_get_modules-solution-to130703.htm
Try the apache_get_modulesfunction to get an array of the loaded modules. If that module is loaded but not listed there, you might want to try phpinfo with phpinfo(INFO_MODULES) instead:
ob_start();
phpinfo(INFO_MODULES);
$contents = ob_get_clean();
$moduleAvailable = strpos($contents, 'mod_security') !== false;
Grasping at straws here.
Try having your script make a request to itself (via file_get_contents or maybe the cURL extension) that would trip mod_security. If it returns a 403 (or whatever mod_security's default response is), that should be enough information for you to go on...