June 25, 2008, 10:05 PM — If your organization runs Apache as its primary web server, you should definitely be looking into mod_security. It is an open source web application firewall that is custom integrated with Apache and works so well that, in most cases, its operations are transparent to normal users. However, don't mistake simplicity for lack of capability. Mod_security is plenty capable of protecting most applications from a variety of common attacks, including injections and cross-site scripting (XSS). While the product is not a panacea or a replacement for good coding practices, it does make an excellent element of a defense-in-depth approach to protecting web applications and the underlying data that they leverage.
You can read more about the tool here. Also, mod_security is FREE.