On Mon, Jul 13, 2020 at 07:15:45PM +1000, matthew green wrote: > i'm not sure i agree about 500 -> abusive behaviour. that's > when there's some _internal_ error and could just as easily > be caused by a human or code error on the server side. > > i don't know blocklist well enough to suggestion what we > should do here, but this feels wrong to me.
Sure, though I think there are no clear definitions here. For 401, on the other hand, blocklistd(8) can be useful, given that bruteforcing passwords of embedded devices is supposedly a common scenario. - Jukka