Personally I use the stuff below, in a reverse-proxy server. It works well and stops a majority of the expolits I've seen. Takes loads of the actual webs ervers as well as it's in the proxy.
--8<--
RewriteEngine On
RewriteOptions inherit
RewriteLog logs/rewrite_log
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/winnt/system32/(.*) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/winnt/system/(.*) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/windows/system32/(.*) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/windows/system/(.*) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/cmd\.exe[$|\?(.*)] [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/scripts/root.exe[$|\?(.*)] [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/msadc/root\.exe[$|\?(.*)] [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)\\\.\.(.*) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/admin\.dll[$|\?(.*)] [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/msadcs\.dll[$|\?(.*)] [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/ext\.dll[$|\?(.*)] [NC,OR]
RewriteCond %{REQUEST_URI} (.*)/\.(.*) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/php\.exe[$|\?(.*)] [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)\<(.*) [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)\>(.*) [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)\|(.*) [OR]
RewriteCond %{REQUEST_URI} (.{255,}) [OR]
RewriteCond %{QUERY_STRING} (.{127,}) [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} [\x00-\x1f]+ [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} [\x7f|\xff]+
RewriteRule (.*)
http://monty.frukt.org/error/filtered.html [NC,F]
--8<--
As you can see it returns a forbidden answer for a whole bunch of stuff.