Thanks all for your responses. Just to be clear: I am not currently under attack. When my boss found out that I'd enabled something that could block IP's from our web site, he became anxious. I just wanted to explore the possibility that Active Response could cause more problems than it prevents.
- [ossec-list] RE: Active Response on Public Web Server Toby