IDS workflow:
- Client send request
- IDS analyze request(GET, POST, COOKIE, SESSION)
- Detect malicious activity
- Send report(to administrator or store it in database)
- * Kill request
*When you feel comfortable with the IDS configuration, you can even enable and automatically kill malicious requests, that reach you website.