sknebelyeah. I didn't have issues with too many requests from individual IPs etc either, so need to have the full logs for blocking. and if it appears, I can adjust my policy appropriately (e.g. log suspicious subnets, or keep additional short-term logs to identify repeat offenders)
