DandDSolutions,
I have years of experience hardening IIS Servers and securing web applications. I utilize ISAPI filters to filter/alter web requests in addition to Proxies. Microsoft has a nice one called URLScan but I see here that you prefer to use another great one from Helicon Tech. It's not really hard at all, I agree that you must be capable of writing efficient regular expressions or else you might wind up having high false positives or having a performance hit. I assist others in fine tuning their Security Information Events Management (SIEM) solutions and having exact knowledge of how regular expressions are written and processed is critical.