I've just added a new feature to mod_security (CVS, both versions) that allows you to achieve a better control of what gets filtered. Up until now mod_security looked at every single request. Since most static resources (e.g. images) are not vulnerable it is safe to assume that we don't need to look at those types of requests. And, the number of image requests versus (dynamic) page requests is much bigger the savings in CPU cycles are probably quite big.
Blogs & Stories
SpiderLabs Blog
Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.