I'm considering installing mod_security ( http://www.modsecurity.org/ ). I'm just wondering if anyone else here has used this. From what I understand, this Apache module will help fight off Cross Site Scripting and SQL Injection Attacks.

If you've used it, what was the impact on your server? Performance? Did it prevent any attack you might have tested?


Thanks for your comments, advice, post in advance.

--PuRe