this is our standard security appliance. It is the FF100 (apache reverse proxy) with mod_sec functionality thrown in. This appliance is then configured depending on your requirements.
All our application firewall implementations utilize apache in reverse proxy mode with mod_sec as the inspection module and the OWASP core_rule set as the mod_sec rule set. This most basic implementation of the application firewall configured and maintained by us is called the FF200.