I recently wrote some IDS rule sets I found to be useful
for snort that would help detect known, and unknown
port80 attacks. I submitted these rules to snort.org
and they liked them so much they are now included
in the newest release.
These rules were based from cgisecurity.com's paper #3
which will be released later today.
A copy of these new rules are below.