Greetings, Mister.
I have been providing consulting services for several companies and let me tell you. You won't get to have an application layer that protects your infrastructure or site.
I tell you why: it all depends on the traffic you have available and the size of the DDOS attacks. The best of breed solutions are very expensive and you can't get 100% protected. See Verisign, Akamai, aiCache (a cheap one).
Building a software is very complex and for sure you will not block 100% of attacks.
You need to study some ways to spread your infrasctructure, distribute DNS and proxies. To layer 7 attacks, just modifying the code can solve your problem, if so.
Sorry for the long message. It is just a warning.
Regards.