Sometimes it’s better to buy hardware to solve that problem. There are some firewall products that record what goes out versus what comes back cookie-wise and don’t allow cookies to be added from the client side, prevent replay attacks, prevent injection attacks, etc. If you write software in layers, you should also think of layering access to your website.
There’s a benefit that you reduce the load on your servers to legitimate requests, etc.