Test and enable some of:

apache suexec module

mod_security2 (check out the different rulesets and how current they are)

greensql (mysql proxy that can be trained during dev)

fail2ban hooked up to application errors


  • Turn on the filters
  • Make them work
  • Identify they're positively working and blocking stuff
  • Identify any filters you don't need and disable
  • run it in bypass mode and collect data
  • Hook up to ticketing system etc
  • Once you got it running without false positives[*]
  • enable and generate tickets

[*] you'd be surprised how many people can't figure that on their own.