ModSecurity is an Apache module that can defend web services from attacks by filtering inputs. It operates at the web server level to protect web services built using WSDL and SOAP over HTTP/HTTPS. The paper describes techniques using ModSecurity to filter malicious content in POST variables and other requests that could be used to exploit vulnerabilities and conduct remote code execution or information leakage if not defended at the application level. Familiarity with Apache, basic web services concepts, and ModSecurity is required to understand the defense methods presented.