These rules act as a baseline web application firewall built on common attack strings. If you get banned during legitimate traffic, you'll have to remove troubled keywords. If you can't, post'em to us. We'll send you finer version that suits your site. It's a must for all web servers. Remember it cannot help most web application attacks such as Information Leakage, Insufficent Authentication/Authorization, Bruteforcing, Predicatable Resource Location, Logic flaws.
Requirements: Apache with mod_rewrite module enabled
Date: March 2009