The rewrite rules below are what we're currently using to block some common worms and attacks on this server/reverse-proxy.
This blocking give some protection against common worms for servers that are behind this reverse-proxy, but the main reason for the blocking is that it significantly reduces the load on the actual web servers. I created this after realizing (and getting pissed off by) the fact that 50-90% of all requests to our servers were attacks by worms and/or crackers.
If you like it, use it. You might want to change some stuff (for most servers, limiting URIs to 127 characters instead of 255 makes sense for example). And spread it to others if you think they'll find it usefull (it has been published once, in a newsletter from Ziff Davis IIRC).
Regards
/Jonas Eckerman
[an error occurred while processing this directive]
(2004-10-08)