On 27.01.2026 at 03:50, Lloyd wrote:
> Christian Schulte wrote:
> 
>> The only option I see is grepping the log file for those
>> status codes (404, 406, 429, some location, etc.) and use the IP
>> information for creating pf rules. Having httpd in base do something
>> like this automatically like e.g. spamd would be a cool feature to have.
>> Something like: Make httpd detect IPs sending too many requests and make
>> it manage some pf table to block that IP for some time automatically
>> similar to spamd.
> 
> I would argue this would be a perfect job for relayd, not httpd. httpd
> lacks kitchen-sink features by design, let relayd do the heavy lifting
> for which it's better equipped.
> 

Did not know about relayd. At first look, it seemed like a perfect
place to add functionality like this. Thinking about it. Sadly this will
all "kick in" way too late. Most efficient would be to add this to the
in-kernel packet filter in some way. Something like: Add something to
the pf.conf grammar allowing to declare limits based on the initiating
endpoint rather than the targeted endpoint. Not sure about it. Similar
to queuing[1] but with reversed semantics.

[1] <https://man.openbsd.org/pf.conf#QUEUEING>
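
The log-grepping approach from the quoted message, sketched as an added example that is not part of the thread or of OpenBSD. It assumes Common Log Format with the client address as the first field; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find clients that triggered too many 404/406/429 responses.
# Assumption: Common Log Format, client address first, for example
#   203.0.113.7 - - [27/Jan/2026:03:50:00 +0100] "GET /x HTTP/1.1" 404 0

# offenders THRESHOLD: reads log lines on stdin, prints one address per line.
offenders() {
    awk -F'"' -v max="$1" '
    {
        split($1, pre, " ");  ip = pre[1]        # text before the request line
        split($3, post, " "); status = post[1]   # text after the request line
        # The log holds client-influenced text: let only address characters
        # through, since the output is meant to become pfctl arguments.
        if (ip !~ /^[0-9A-Fa-f:.]+$/) next
        if (status ~ /^(404|406|429)$/) hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] >= max + 0) print ip }' | sort
}

# Constructed sample log (documentation address ranges only).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [27/Jan/2026:03:50:01 +0100] "GET /a HTTP/1.1" 404 0
203.0.113.7 - - [27/Jan/2026:03:50:02 +0100] "GET /b HTTP/1.1" 404 0
203.0.113.7 - - [27/Jan/2026:03:50:03 +0100] "GET /c HTTP/1.1" 404 0
198.51.100.9 - - [27/Jan/2026:03:50:04 +0100] "GET / HTTP/1.1" 200 512
198.51.100.9 - - [27/Jan/2026:03:50:05 +0100] "GET /x HTTP/1.1" 404 0
2001:db8::1 - - [27/Jan/2026:03:50:06 +0100] "GET /y HTTP/1.1" 429 0
2001:db8::1 - - [27/Jan/2026:03:50:07 +0100] "GET /y HTTP/1.1" 429 0
www.example.org 203.0.113.7 - - [27/Jan/2026:03:50:08 +0100] "GET /d HTTP/1.1" 404 0
EOF
}

# The last sample line has a server name prepended, so its first field is not
# an address and the line is skipped rather than misparsed.
if [ "${1:-}" = "--demo" ]; then
    sample_log | offenders 3
fi
```

The printed addresses can be added to a pf table with `pfctl -t <table> -T add`, and `pfctl -t <table> -T expire <seconds>` removes old entries so a block lasts only for some time. As the reply notes, this only reacts after the requests have already been served and logged.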
