> I rate limit them using the user-agent Maybe this is the best solution, although of course it doesn't rate limit real attackers. Is there a good method for monitoring which UAs request pages above a certain rate so I can write a limit for them? - Grant