(some of) my extant site protections involve pattern matching on the raw strings that comprise GET and POST data. Traffic from IP addresses deemed suspect get a 418 response rather than any page code being… Thoughts on further site protections