Yes, I'd recommend pf. If you've never worked with it before, the PF section of the FAQ is an excellent starting point.
http://www.openbsd.org/faq/pf/index.html Xavier Mertens wrote:
Hi *, I've a problem with an Apache web server hit by f*cking spammers... I would like to filter some URLs (unused but still used by the bots) *BEFORE* they reach the httpd processes. What could be the best method? pf? something else? Thanks! Xavier