Help with BFD rule to stop multiple http requests


Well-Known Member
Oct 30, 2001
A domain on my server is getting "attacked" by someone who is using a script to generate 10-20 requests per second for the index file of the web site. The requests come from as many as 20-30 different IPs at a time and it seems that it detects when I block the IPs in APF deny.hosts and switches to different IPs. If I don't block the IPs it kees using the same ones.

I was thinking to add a BFD rule to check the domain's log file and block the IP addresses automatically if it detects >n requests from the same IP. Does anybody have the code for such a rule or do you know where can I find it? Your help would be appreciated.