On 27.01.2026 at 03:50, Lloyd wrote:
> Christian Schulte wrote:
>
>> The only option I see is grepping the log file for those
>> status codes (404, 406, 429, some location, etc.) and use the IP
>> information for creating pf rules. Having httpd in base do something
>> like this automatically like e.g. spamd would be a cool feature to have.
>> Something like: Make httpd detect IPs sending too many requests and make
>> it manage some pf table to block that IP for some time automatically
>> similar to spamd.
>
> I would argue this would be a perfect job for relayd, not httpd. httpd
> lacks kitchen-sink features by design, let relayd do the heavy lifting
> for which it's better equipped.
>
> Regards
> Lloyd
>

What about something like this in /etc/pf.conf?

    source limiter "default" id 1 entries 100 limit 1 rate 1/10
    pass in on egress from any to any source limiter "default"

Just change 100, 1 and 1/10 as required. I somehow doubt a real human
will need to create more than one state every 10 seconds.
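
The log-grepping approach quoted at the top of this thread, sketched as an added example (not code from any poster or from OpenBSD). It assumes access-log lines in common log format, optionally prefixed with the virtual host name; the table name `httpd_abuse`, the threshold and the window are hypothetical, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchor on the three fields before the timestamp, so the client address is
# found with or without a leading virtual-host column (assumed log layout).
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3})\b')
BAD_STATUS = {"404", "406", "429"}  # status codes named in the thread

def offenders(lines, threshold=5, window=timedelta(seconds=60)):
    """Return IPs with >= threshold bad responses inside a sliding window."""
    recent = defaultdict(deque)
    flagged = []
    for line in lines:
        m = LINE.search(line)
        if not m or m.group(3) not in BAD_STATUS:
            continue  # unparsable line or an uninteresting status
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:  # drop hits that fell out of the window
            hits.popleft()
        if len(hits) >= threshold and ip not in flagged:
            flagged.append(ip)
    return flagged

def pf_commands(ips, table="httpd_abuse"):  # hypothetical table name
    """Build pfctl invocations that add each offender to a pf table."""
    return [f"pfctl -t {table} -T add {ip}" for ip in ips]

def _line(ip, hhmmss, status):
    return (f'www.example.com {ip} - - [27/Jan/2026:{hhmmss} +0100] '
            f'"GET /x HTTP/1.1" {status} 0')

# Constructed sample input: one burst, one slow scanner, one normal client.
SAMPLE = [
    _line("203.0.113.5", "03:50:00", 404),
    _line("192.0.2.10", "03:50:01", 404),
    _line("192.0.2.10", "03:50:02", 429),
    _line("198.51.100.7", "03:50:02", 200),
    _line("192.0.2.10", "03:50:03", 404),
    _line("203.0.113.5", "03:52:00", 404),
    _line("203.0.113.5", "03:54:00", 404),
]

if __name__ == "__main__":
    print("\n".join(pf_commands(offenders(SAMPLE, threshold=3))))
```

The pf ruleset still needs a rule that blocks traffic from that table, and entries need to be expired again if the block is meant to be temporary.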

