@WoodenDoorInspector ratelimiting for the server 'overall' exists already. they are using entire class C subnets requesting 1-2 people every 20-30 seconds so it flies under the radar because it's not "obvious" abuse until you start checking the logs and sorting by unique ip