autoban functionality.

[manast]

trafficstars

We should have some mechanism to autoban ips that tries to makes attacks by some rules:

• Accessing often to inexistent urls (trying to find backdoors).
• Making DDOS attacks.

[KpjComp]

Having some sort of DDOS attack protection in redbird would be great..

But rather than banning, may I offer another suggestion.. Just progressively slow down requests, something v.simple in Node. Of course the hardest part here is getting a good algorithm that slows down in a sensible way,.. eg. slowing down requests because favion.ico or robots.txt was requested wouldn't be ideal..

The really nice thing about slowing down, rather than banning. It's holding the DDOS attackers resources., without having much effect on ours.

[ghost]

@manast @KpjComp I think it would be a lot better to have some sort of security extension API or middleware, so we could write our own code and do both banning and slowing down or even more... It would be fun to filter spam before it reaches the server for example. I am not sure whether we can read the messages or just monitor the traffic though. In general it is a lot better to let others work on these kind of features and concentrate on the primary topic instead. That's why for example nodejs or the facebook API is successful. Using those 4k developers who starred the project would be wise.