This work presents an IPS for web applications that combines anomaly detection, misuse detection, and a prevention module. This approach provides us a solution that produce a number of false positives and false negatives less than traditional solutions. The proposed system is also able to update the misuse and anomaly model according to feedback received by the security manager. Finally, in our system the anomaly model has been specifically designed for web applications. We implemented and experimented our system in a real service company. From the results arises an improvement with respect to other state-of-the-art WEBIDSs.