Hi, I have an idea for a possibly useful feature.
How about some possibility to "keep" a certain IP in a "sandbox", where we can filter all it's traffic trough a virus/intrusion detection filter, then allow it to be trusted for X hours/days and pass it out to the general loadbalancing queue?
I recently had an attack where it would have been great if I could filter the first 100 connections from that IP trouugh a squid/clamd/etc supported backend, it would have caught the attack (namely: upload of malware).
What do you think. Levente
