I'd like to see a better mod_security implimention.
I don't use mod sec though recently interested.
We need built in rule subset that watches IP traffic. Some sites like a php based tracker use 100's of hits, but what about 1 IP downloading a image over and over and over, or sending SQL, what PHP site uses SQL in the url these days?
I saw one site push out 200GB of bw just from images, would of been awesome if that was blcoked.