Install ModSecurity
See http://www.modsecurity.org/about.html
This issue with performance is nicely described by HaProxy and the propose a solution where the WAF is operating on their own server(s) befor handing over to the real webserver(s), see http://blog.haproxy.com/2012/10/12/scalable-waf-protection-with-haproxy-and-apache-with-modsecurity/
Edited by GitLab Bot