SNORT is the most widely used open source IDS to date. SNORT has introduced inline mode which can be used to drop packets. Using inline mode, SNORT can be used as firewall as well. This paper outlines how to write common SNORT rules to protect against common web application attacks.
You can download it from the following link: https://packetstormsecurity.com/files/download/74254/snort-firstline.pdf
Source: https://packetstormsecurity.com/files/74254/SNORT-First-Line-Of-Defense-For-Web-Application-Attacks.html