It looks I spoke too soon about my use of iptables to block out of control web crawlers. Our Koha installation is now being attacked by crawlers, and there are so many that using iptables isn't practical. Examining /var/log/apache2/other_vhosts_access.log shows that these crawlers don't use any identification that can be used by fail2ban. Here are a couple of them (with the name of our library changed, and URLs shorted): koha.example.com:443 14.248.94.197 - - [10/Jul/2025:17:19:11 -0400] "GET /cgi-bin/koha/opac-search.pl?... HTTP/1.1" 200 15946 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1 rv:4.0; bem-ZM) AppleWebKit/535.45.1 (KHTML, like Gecko) Version/4.0.2 Safari/535.45.1" koha.example.com:443 200.71.98.253 - - [10/Jul/2025:17:19:11 -0400] "GET /cgi-bin/koha/opac-search.pl?... HTTP/1.1" 200 15960 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows CE; Trident/4.0)" Running a grep|sed|sort|uniq filter on the log show that we're being attacked by almost 1000 crawlers today. I've tried adding these lines to /etc/apache2/apache2.conf: <IfModule mpm_worker_module> MaxRequestWorkers 5 </IfModule> But the attacks still keep both CPUs busy; top reports them as follows: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 10319 rpl-koha 20 0 288340 234040 20880 R 80.1 5.9 0:04.14 /usr/share/koha 10085 rpl-koha 20 0 0 0 0 R 68.1 0.0 0:17.03 starman worker I'm not sure what to do next. I had thought of using the apache2 authz_core module to restrict Koha to a handful of IP addresses, such as those used by computers at the library. But this would prevent patrons from accessing the OPAC from home. I'm pretty desperate now. Suggestions welcome. This is on Linode, in case that makes a difference. -- I'm doing my part to help preserve life on earth by trying to preserve my own. --Ashleigh Brilliant