On 28.01.2026 at 09:46, Christian Schulte wrote:
> On 27.01.2026 at 03:50, Lloyd wrote:
>> Christian Schulte wrote:
>>
>>> The only option I see is grepping the log file for those
>>> status codes (404, 406, 429, some location, etc.) and use the IP
>>> information for creating pf rules. Having httpd in base do something
>>> like this automatically like e.g. spamd would be a cool feature to have.
>>> Something like: Make httpd detect IPs sending too many requests and make
>>> it manage some pf table to block that IP for some time automatically
>>> similar to spamd.
>>
>> I would argue this would be a perfect job for relayd, not httpd. httpd
>> lacks kitchen-sink features by design, let relayd do the heavy lifting
>> for which it's better equipped.
>>
>
> Did not know about relayd. At a first look, it seemed like a perfect
> place to add functionality like this. Thinking about it. Sadly this will
> all "kick in" way too late. Most efficient would be to add this to the
> in kernel packet filter in some way. Something like: Add something to
> the pf.conf grammar allowing to declare limits based on the initiating
> endpoint rather than the targeted endpoint. Not sure about it. Similar
> to queuing[1] but with reversed semantics.
>
> [1] <https://man.openbsd.org/pf.conf#QUEUEING>
>

Replying to myself. Seems I suggested the "rate" statement of [1] and [2].

[1] <https://man.openbsd.org/pf.conf#State_Limiters>
[2] <https://man.openbsd.org/pf.conf#Source_Limiters>

-- 
Regards.
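The log-grepping approach from the quoted message, sketched as an added example that is not part of the thread or of any OpenBSD tool. It assumes a Common Log Format variant with the server name as the first field; the table name `httpd_abuse`, the threshold, and the sample log lines are constructed for illustration, and the script only prints the `pfctl` commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed log layout (server name first):
#   server ip - user [date zone] "request" status bytes
# The client address is field 2. The status is read as the second-to-last
# field, counted from the end, so spaces or quotes inside the
# client-controlled request line cannot shift it.

THRESHOLD=${THRESHOLD:-3}      # assumed: matching responses before listing
TABLE=${TABLE:-httpd_abuse}    # hypothetical pf table name

# Constructed sample log (documentation address ranges only). The third
# line carries a request crafted to look like it contains a 200 status.
sample_log() {
cat <<'EOF'
www 192.0.2.10 - - [27/Jan/2026:03:00:01 +0100] "GET /wp-login.php HTTP/1.1" 404 0
www 192.0.2.10 - - [27/Jan/2026:03:00:01 +0100] "GET /.env HTTP/1.1" 404 0
www 192.0.2.10 - - [27/Jan/2026:03:00:02 +0100] "GET /a b" 200 "x HTTP/1.1" 404 0
www 198.51.100.7 - - [27/Jan/2026:03:00:03 +0100] "GET / HTTP/1.1" 200 512
www 198.51.100.7 - - [27/Jan/2026:03:00:04 +0100] "GET /missing HTTP/1.1" 404 0
www 2001:db8::5 - - [27/Jan/2026:03:00:05 +0100] "GET /api HTTP/1.1" 429 0
www 2001:db8::5 - - [27/Jan/2026:03:00:05 +0100] "GET /api HTTP/1.1" 429 0
www 2001:db8::5 - - [27/Jan/2026:03:00:06 +0100] "GET /api HTTP/1.1" 406 0
EOF
}

# offenders: read log lines on stdin and print every address that received
# at least THRESHOLD responses with status 404, 406 or 429. The address is
# checked against a strict character set before it is ever printed.
offenders() {
    awk -v limit="$THRESHOLD" '
        NF >= 4 && $(NF-1) ~ /^(404|406|429)$/ && $2 ~ /^[0-9A-Fa-f:.]+$/ {
            hits[$2]++
        }
        END { for (ip in hits) if (hits[ip] >= limit) print ip }
    ' | LC_ALL=C sort
}

# pf_commands: turn offender addresses into dry-run pfctl invocations.
pf_commands() {
    offenders | while read -r ip; do
        printf 'pfctl -t %s -T add %s\n' "$TABLE" "$ip"
    done
}

sample_log | pf_commands
```

For the printed commands to have any effect, pf.conf needs a matching `table <httpd_abuse> persist` and a `block in quick from <httpd_abuse>` rule. Entries can be aged out periodically with `pfctl -t httpd_abuse -T expire 3600`, which gives the "block that IP for some time" behaviour asked for in the thread.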

