ModSecurity rules

There are lot of ModSecurity rules vendors

Anything else and what is you suggestion which one to use in production envirioment ?

Where is your production environment hosted? On DreamHost managed services, there there is already a WAF running and you may not need to add more filtering. If you’re running your applications on DreamCompute then things are different since the operating system on DreamCompute is not managed.

Virtual private servers (VPS), Running Apache + ModSecurity.

If Apache on your VPS is managed by DreamHost then you don’t need to add your own WAF modSecurity rules: DreamHost deploys and maintains a set of rules based on the core rule set, plus some customizations.

If your Apache instance is unmanaged then you’re welcome to shop around, of course.