What you've got looks more complex than it should be (but I'm not spending the time to go through it in detail).1. That's not a filter in Apache terminology. 2. You're basically doing the same as mod_access/mod_authz_host but using a different lookup. 3. mod_rewrite can already do what you're looking for. If you want to drive it from SQL, you can use RewriteMap "dbd:your-SQL-query"
what i'm doing right now is: using the error log pipe to check for for suspicious errors. if enough errors happened i call iptables -A INPUT -d DROP -j 'IP'. for me doing all checks with a apache module seems to be more 'cleaner'.
