A good overview of the mod_security module for Apache can be found at pathfinder. Mod_security is a good application firewall that can help protect an Apache server from common application-level attacks (SQL injection, email header injection, cross-site scripting) by inspecting the payload of requests coming to the server. It's very useful for quickly putting up a security measure without having to inspect all the applications running on your server, which can be time-consuming.
Our first reaction is to pull the plug, analyze, and rebuild a secure
and scalable solution. But pulling the plug is usually not an option.
If a company relies on an application for leads or sales, they probably
can’t afford to shut it down for any length of time. Under these
circumstances, triage is usually the best one can hope for.