Speaking about open-source solutions, you should definitely look at naxsi (NAXSI means Nginx Anti Xss & Sql Injection). This is short desc from official site:

Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple rules (naxsi_core.rules) containing 99% of known patterns involved in websites vulnerabilities. For example, '<', '|' or 'drop' are not supposed to be part of a URI.

In practice, you still need support it and keep rules up-to-date for your applications (but with help of built-in learning modules). If you're a looking for more efficient and easy-to-use solution, give a chance to Wallarm. It is built on NGINX, learns from traffic to craft blocking rules, has awesome interface and even vulnerability scanner built-in — but, unfortunately, it is not free.