My system : CentOS 6.2 64bit and iptables-1.4.7-5.1

I want use iptables string module to block some http request .
I want to block some scan/attack like xss or sql-i :

example : block request by insert <script> in form .

My example syntax is :

Code:
iptables -I INPUT -p tcp --dport 80 -m string --string "<script>" --algo bm --icase -j DROP
But dont work .

I can use

Code:
iptables -I INPUT -p tcp --dport 80 -m string --string "script" --algo bm --icase -j DROP
But is very restrictive .

How can use string module and "--icase" with iptables to block request with specific string with ONE rule ?? .... example :

Code:
<script>
<SCRIPT>
<ScRiPt>
<sCrIpT>
....
thanks