Ajax and Web Services are two important aspects of Web 2.0 applications. In the past I wrote articles on defending application layer using Mod Security 1.0. New version of Mod Security is out there and Ryan C. Barnett has enhanced both the articles by adding 2.0 changes. They are posted on Mod Security site for community review. Here are pointers to both the documents. You may find it helpful.
Securing Web Services with ModSecurity 2
Ajax Fingerprinting and Filtering with ModSecurity 2