Hi, I just built a Perl and Bash script that analyses the log files of a web site and shows all IPs that are sending the same request within some period of time. For example, it can filter all clients that send the request "GET / HTTP/1.1" without any user agent 2000 times in 10 minutes, and then the script will ask you if you want to show details or if you want to block them with iptables/ipfw/null routing.

This can prevent DDoS attacks that the firewall doesn't block: if, for example, one IP opens just 4 simultaneous connections, the firewall will not block it, but the IP is still able to send HTTP requests and contribute to the load. If there are 1000 IPs like this, this script can block them. But of course, this is just one layer of a DDoS attack. When the HTTP requests are blocked there are always SYN_SENT connections from the banned IPs, and this will be solved with other methods.

This script prevents CPU load and request abuse from botnets and user attackers. I sell this script for 25$, installation and support included.

Thank you, RAFFAELE
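The kind of check described in the post above, as an added example; it is not the script being offered and not the poster's code. It assumes the Apache/nginx "combined" log format and counts in fixed 10-minute buckets rather than a sliding window; the function names and sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag IPs that repeat one request line with no User-Agent.
# Assumes "combined" log format; request and threshold are parameters.

# Constructed sample log (documentation-range IPs), not real traffic.
sample_log() {
  local i
  for i in 01 02 03 04 05; do
    printf '%s\n' "203.0.113.7 - - [10/Oct/2023:13:51:$i +0000] \"GET / HTTP/1.1\" 200 512 \"-\" \"-\""
  done
  for i in 01 02 03; do
    printf '%s\n' "198.51.100.9 - - [10/Oct/2023:13:52:$i +0000] \"GET / HTTP/1.1\" 200 512 \"-\" \"Mozilla/5.0\""
  done
  printf '%s\n' '192.0.2.4 - - [10/Oct/2023:13:53:10 +0000] "GET / HTTP/1.1" 200 512 "-" ""'
}

# find_repeaters REQUEST THRESHOLD < access.log
# Prints "ip bucket count" for every IP that sent REQUEST with an empty or
# "-" User-Agent at least THRESHOLD times inside one 10-minute bucket.
find_repeaters() {
  awk -F'"' -v req="$1" -v min="$2" '
    # With " as separator: $2 = request line, $6 = User-Agent.
    $2 == req && ($6 == "" || $6 == "-") {
      split($1, head, " ")            # head[1] = ip, head[4] = "[dd/Mon/yyyy:hh:mm:ss"
      ts = substr(head[4], 2)         # drop the leading "["
      bucket = substr(ts, 1, 16) "0"  # keep up to the tens digit of the minute
      hits[head[1] " " bucket]++
    }
    END { for (k in hits) if (hits[k] >= min) print k, hits[k] }
  ' | sort
}

# Report candidates for review; a browser-like client (198.51.100.9) is ignored.
sample_log | find_repeaters 'GET / HTTP/1.1' 5
```

The output is a list of candidates to inspect before any block is applied, since clients behind a shared proxy or NAT can exceed a threshold legitimately.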