> one thing you could do is to run an instance of apache on a high port,
> and put in a redirect call to forward the blocked ip's to localhost on
> the high port
The other port idea makes sense and sounds like a good method, thanks! I think I will look for a smaller webserver though, as it seems a bit overkill to run another Apache just for this purpose. I'm also thinking such a redirect, in combination with a maximum connections rule on the 8081 port, could distinguish actual scanners (like Nikto, etc.) from the incidental unfortunate user who locks himself out. And in real time, as opposed to the error log parse for port 80, which has some minutes of delay. Thanks again!

Matt
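One way to wire up the redirect-plus-connection-cap idea with iptables, as an added example that is not from the thread: it assumes the blocked addresses live in an ipset named `blocked` (fed by the existing log parser), a decoy webserver on port 8081, and a cap of 10 simultaneous connections per source address.

```shell
#!/bin/sh
# Hypothetical helper: send blocked clients' port-80 traffic to a small
# decoy webserver on a high port, then cap per-source connections there.
# IPT is the iptables binary; set IPT=echo to print rules instead of
# installing them. Prerequisite: ipset create blocked hash:ip
IPT="${IPT:-iptables}"

# $1 = ipset of blocked source IPs, $2 = decoy port, $3 = connection cap
blocklist_redirect_rules() {
  local set_name="$1" port="$2" cap="${3:-10}"
  # nat/PREROUTING runs before routing, so the blocked client reaches the
  # decoy server on $port instead of the real site on 80.
  "$IPT" -t nat -A PREROUTING -p tcp --dport 80 \
      -m set --match-set "$set_name" src -j REDIRECT --to-ports "$port" \
    || return 1
  # filter/INPUT sees the already-rewritten packet (dport == $port), so
  # connlimit here only ever counts blocked clients. connlimit is per
  # source /32 by default: one locked-out user stays under the cap, a
  # scanner opening many parallel connections does not.
  "$IPT" -A INPUT -p tcp --dport "$port" \
      -m connlimit --connlimit-above "$cap" \
      -m limit --limit 5/min -j LOG --log-prefix "decoy-flood: " \
    || return 1
  "$IPT" -A INPUT -p tcp --dport "$port" \
      -m connlimit --connlimit-above "$cap" -j DROP || return 1
}

# Dry run in a subshell: print the rules without touching the firewall.
preview_rules() { ( IPT=echo; blocklist_redirect_rules "$@" ); }
```

The LOG rule fires as soon as a source exceeds the cap, so the kernel log gives the real-time signal the error-log parser cannot.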
