This is what I've been looking for quite some time! A module specifically designed for Apache security.
This module increases the security level of an Apache web server, or of other servers when they are used with Apache in proxy mode. ModSecurity acts as an application firewall embedded in Apache. It protects web applications against common attacks (SQL injection, Cross Site Scripting, etc.).
I found this nice documentation, but like most docs, it's missing some things. It's not much but I'm adding it anyway.
Installation
If your Debian distribution doesn't have the packages, download them from the Debian website then:
# Security discovered with Nikto
TraceEnable "off"

# More Security
<IfModule mod_security.c>
    # Turn the filtering engine On or Off
    SecFilterEngine On

    # Server Signature
    SecServerSignature "Microsoft-IIS/5.0"

    # Make sure that URL encoding is valid
    SecFilterCheckURLEncoding On

    # Unicode encoding check
    SecFilterCheckUnicodeEncoding Off

    # Only allow bytes from this range
    SecFilterForceByteRange 0 255

    # Only log suspicious requests
    SecAuditEngine RelevantOnly

    # The name of the audit log file
    SecAuditLog /var/log/apache2/audit_log

    # Debug level set to a minimum
    SecFilterDebugLog /var/log/apache2/modsec_debug_log
    SecFilterDebugLevel 0

    # Should mod_security inspect POST payloads
    SecFilterScanPOST On

    # By default log and deny suspicious requests
    # with HTTP status 500
    SecFilterDefaultAction "deny,log,status:500"

    # Require HTTP_USER_AGENT and HTTP_HOST in all requests
    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

    # Weaker XSS protection but allows common HTML tags
    SecFilter "<[[:space:]]*script"

    # Prevent XSS attacks (HTML/Javascript injection)
    #SecFilter "<(.|\n)+>"

    # Very crude filters to prevent SQL injection attacks
    SecFilter "delete[[:space:]]+from"
    SecFilter "insert[[:space:]]+into"
    # Replace "elect" with "select" in the line below
    SecFilter "elect.+from"
    SecFilter "drop[[:space:]]table"

    # Protecting from XSS attacks through the PHP session cookie
    SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
    SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
</IfModule>
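
To see what these filters deny before enabling them on a live site, the sketch below replays the patterns from the configuration above against a few constructed requests; it is an added example, not code from the original post or from ModSecurity. It is a simplified model that assumes case-insensitive regex matching on the URL-decoded request URI and POST body, and that a missing header is seen as an empty string; `evaluate` and `_hit` are hypothetical helper names.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Patterns copied from the SecFilter lines of the configuration above.
SEC_FILTER = ["<[[:space:]]*script", "delete[[:space:]]+from",
              "insert[[:space:]]+into", "elect.+from", "drop[[:space:]]table"]
# (variables, pattern) pairs copied from the SecFilterSelective lines.
SEC_FILTER_SELECTIVE = [
    ("HTTP_USER_AGENT|HTTP_HOST", "^$"),
    ("ARG_PHPSESSID", "!^[0-9a-z]*$"),
    ("COOKIE_PHPSESSID", "!^[0-9a-z]*$"),
]

def _hit(pattern, value):
    """Case-insensitive regex search; a leading '!' inverts the result."""
    invert = pattern.startswith("!")
    rx = pattern.lstrip("!").replace("[[:space:]]", r"\s")  # POSIX class -> Python
    return (re.search(rx, value, re.I) is not None) != invert

def evaluate(uri, headers, cookies=None, body=""):
    """Return the first rule that would deny the request, or None (assumed model)."""
    cookies = cookies or {}
    args = parse_qs(urlsplit(uri).query + "&" + body, keep_blank_values=True)
    # SecFilter looks at the request URI and, with SecFilterScanPOST On, the body.
    scanned = unquote_plus(uri) + "\n" + unquote_plus(body)
    for pattern in SEC_FILTER:
        if _hit(pattern, scanned):
            return pattern
    for variables, pattern in SEC_FILTER_SELECTIVE:
        for var in variables.split("|"):
            kind, name = var.split("_", 1)
            if kind == "HTTP":      # a missing header is treated as empty
                value = headers.get(name.replace("_", "-").title(), "")
            elif kind == "ARG":
                value = args.get(name, [""])[0]
            else:                   # COOKIE
                value = cookies.get(name, "")
            if _hit(pattern, value):
                return f"{var} {pattern}"
    return None

if __name__ == "__main__":
    ok = {"Host": "www.example.com", "User-Agent": "Mozilla/5.0"}  # constructed
    print(evaluate("/index.php?id=7", ok))
    print(evaluate("/", {"Host": "www.example.com"}))
    print(evaluate("/", ok, cookies={"PHPSESSID": "a1b2-c3"}))
    print(evaluate("/feedback.php", ok, body="comment=Please+select+a+colour+from+the+list"))
```

The last request is ordinary feedback text, yet it is denied by the "elect.+from" filter, so expect to tune or scope the crude SQL filters per application.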