An Application-Based Intrusion Detection System for Web Server

Advisors: 田筱榮, 黃世昆

Abstract


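Today, with the Internet flourishing, delivering and processing all kinds of information through web servers has long been an indispensable means of communication. It is the most commonly used type of network service and also the type most often attacked. Attack techniques change constantly, vulnerability information is easy to obtain, system administrators fail to patch vulnerabilities in time, and programmers make careless mistakes, among other factors, so many attacks are now easy to carry out. Most intrusion detection systems, however, are based on intrusion signature rules and can effectively detect only known vulnerabilities. Besides being unable to detect or prevent new attacks immediately, they also cannot detect in time the data leakage or tampering caused by design flaws in the site's own service programs (e.g. cgi, php). In this thesis we propose an application-based intrusion detection module for web servers, with the detection module embedded directly in the web server. It relies mainly on anomaly detection, using users' click behavior patterns to define legitimate requests and filter out anomalous ones, and is supplemented by misuse detection to confirm the attack type. In this way it prevents new attack behavior and detects known attack events, and it can interrupt the response as soon as an intrusion is found, which improves system security and prevents important data from being leaked or tampered with. Finally, we carry out an experimental comparison of the system.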

Parallel Abstract


The World Wide Web has become the new way of communication today and is the most attacked network service. Besides the known vulnerabilities, more application-level web security weaknesses have been exploited recently, such as parameter tampering, application buffer overflow, and forceful browsing. They usually refer to vulnerabilities inherent in the code of the web application itself. Unfortunately, they cannot be detected effectively by traditional intrusion detection systems. In this paper we combine anomaly and misuse detection to address the problem of application-level web security. Our system is an application-based intrusion detection system, and the protection module is embedded directly in the web server. In order to define all the valid requests for anomaly detection, we use techniques that observe users' click behaviors and generate their personal policies dynamically. On the other hand, we transformed the Snort signatures for use in misuse detection. With this method, the system can not only pass valid requests but also defend against new attack behavior and detect old attack events. Finally, we report the results and experience arising from our implementation of these techniques.
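The two-stage check the abstract describes, as an added Python example that is not code from the thesis: a per-session allow-list is grown from the links in pages the user was served, any request outside it is blocked, and signatures are consulted only to name the attack type. The names `SessionPolicy`, `LinkCollector` and `request_key`, the exact-match policy on path and parameters, and the two constructed signatures (stand-ins for converted Snort rules) are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed misuse signatures, used only to label a request that has
# already been rejected (assumption: stand-ins for converted Snort rules).
SIGNATURES = {
    "directory traversal": re.compile(r"\.\./"),
    "oversized parameter": re.compile(r"=[^&]{256,}"),
}

def request_key(url):
    """Normalise a URL to (path, set of name=value pairs) for exact matching."""
    parts = urlsplit(url)
    return parts.path, frozenset(parse_qsl(parts.query, keep_blank_values=True))

class LinkCollector(HTMLParser):
    """Collect href targets from a page the server is about to return."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.extend(v for k, v in attrs if k == "href" and v)

class SessionPolicy:
    """Per-session allow-list grown from the links this user was shown."""
    def __init__(self, entry_points=("/",)):
        self.allowed = {request_key(p) for p in entry_points}

    def learn(self, html):
        collector = LinkCollector()
        collector.feed(html)
        self.allowed.update(request_key(h) for h in collector.links)

    def check(self, url):
        # Stage 1, anomaly detection: anything not offered to this user is blocked.
        if request_key(url) in self.allowed:
            return ("pass", None)
        # Stage 2, misuse detection: name the attack type if a signature matches.
        for name, pattern in SIGNATURES.items():
            if pattern.search(url):
                return ("block", name)
        return ("block", "unknown anomaly")
```

Because the allow-list matches parameter values exactly, a changed `id` on a served link and a request for a page that was never linked are both rejected without any signature for them.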

Cited By


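陳明宏 (2005). Network Defense Based on Attack Graphs [Master's thesis, Chung Yuan Christian University]. Airiti Library. https://doi.org/10.6840/cycu200500702
黃傑笙 (2005). A Study of a Knowledge-Sharing Framework among R&D, Testing and Application Departments in the Information Security Industry: The Case of Company B [Master's thesis, Chung Yuan Christian University]. Airiti Library. https://doi.org/10.6840/cycu200500473
黃淵駿 (2011). Design of Automatic Network Intrusion Detection and Defense Using a Back-Propagation Neural Network [Master's thesis, National Formosa University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0028-0107201112551900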