
Dynamic IP Restrictions by filetype


Hello

Dynamic IP Restrictions initially seemed like it would solve a problem that I have been plagued with for years, but seems to work as a blanket rule across a whole website, and I am struggling to see how I can use it in our real world environment.

For example, if you have an existing webpage that has numerous assets (css, javascripts, images etc.) and are denying IPs based on number of requests over time, you would need to set the number of requests to a relatively large number - relative to the number of assets you expect to serve to a genuine user over a short timeframe/per request; probably no more than a second or two to allow them to navigate around the site uninterrupted. Badly behaved bots, DOS or brute force attacks however don't care about all the external assets, and could hammer the page many more times than a normal user in the same time period, before being rejected.

I can't even see a way to rewrite the requests for assets to another website (without Dynamic IP Restrictions) to pick up assets, as the initial request still hits the Dynamic IP Restriction. You would have to structure, and/or rewrite your entire website to request assets from a different domain directly from the start.

If you could limit it to certain filetypes, you could still serve external unlimited assets, but restrict access to your server side scripts, which is where most problems occur.

Is this ever likely to be considered for inclusion, or is there some other way to achieve the same thing that I am missing?

Thanks!
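
The threshold problem described in the post above, as an added simulation that is not part of the original post and is not how IIS Dynamic IP Restrictions is implemented: a per-IP sliding-window counter run over constructed traffic, first counting every request and then counting only non-static requests. The extension list, IP addresses, paths and thresholds are assumptions.

```python
from collections import defaultdict, deque

# Assumption: extensions treated as static assets (not from the original post).
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".gif", ".ico")

def is_static(path):
    """True when the path (query string ignored) ends in a static extension."""
    return path.lower().split("?", 1)[0].endswith(STATIC_EXT)

def denied_ips(requests, max_requests, window_s, count_static):
    """Sliding-window limiter: deny an IP once it exceeds max_requests
    counted requests within window_s seconds. Returns the set of denied IPs."""
    recent = defaultdict(deque)   # ip -> timestamps of counted requests
    denied = set()
    for ts, ip, path in sorted(requests):
        if ip in denied or (not count_static and is_static(path)):
            continue
        q = recent[ip]
        q.append(ts)
        # Drop timestamps that have fallen out of the window.
        while q and ts - q[0] >= window_s:
            q.popleft()
        if len(q) > max_requests:
            denied.add(ip)
    return denied

def sample_traffic():
    """Constructed traffic: one page view with 30 assets, and a client that
    requests only a server-side script 20 times within the same 2 seconds."""
    user = [(0.0, "198.51.100.7", "/default.aspx")]
    user += [(0.05 * i, "198.51.100.7", f"/static/img{i}.png") for i in range(1, 31)]
    bot = [(0.1 * i, "203.0.113.9", "/login.aspx") for i in range(20)]
    return user + bot

if __name__ == "__main__":
    traffic = sample_traffic()
    # Blanket rule sized to let the 31-request page load through: bot not denied.
    print(denied_ips(traffic, 31, 2.0, count_static=True))
    # Blanket rule tight enough to stop the bot: the genuine user is denied too.
    print(denied_ips(traffic, 5, 2.0, count_static=True))
    # Counting only non-static requests: only the bot is denied.
    print(denied_ips(traffic, 5, 2.0, count_static=False))
```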

