Has anyone considered the problem of legitimate UAs which request a series of files which don't necessarily exist when they access your site? Requests for files like robots.txt, sitemap.xml, crossdomain.xml, apple-touch-icon.png, etc could quickly cause the UA to exceed the limit-req burst value. What is the right way to deal with this? - Grant