Fail2Ban is amazing. It is a Python script that monitors the Apache logs and, if it finds something bad, blocks the IP address for a certain amount of time.
Overall config:
/etc/fail2ban/fail2ban.conf
Defining filter list:
/etc/fail2ban/jail.conf
Defining individual filters based on regex:
/etc/fail2ban/filter.d/filter-name.conf
Defining ignorecommands:
/etc/fail2ban/filter.d/ignorecommands/ignorecommand
You can test filters using fail2ban-regex <logfile> <filter> <ignorecommand>:
fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-scan.conf
Or with an ignorecommand:
fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-scan.conf /etc/fail2ban/filter.d/ignorecommands/ignorecommand
It will even pick up the ignorecommands already in the filter-name.conf:
fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-scan.conf /etc/fail2ban/filter.d/apache-scan.conf
You can print the matches:
fail2ban-regex --print-all-matched /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-scan.conf
There are a bunch of filters already available. It is just a matter of enabling them and defining them with a reach-back number (e.g. within the last 24 hours), a miss number (e.g. 3 strikes) and a block time (2 hr, 2 day, etc.).
Since I've noticed that most traffic is through bad bots, that happens to be one of my favorites.
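The reach-back number, miss number and block time described above are the jail options findtime, maxretry and bantime. As an added example (not Fail2Ban's own code and not part of the original notes), this Python script applies those three settings to constructed access-log lines, banning a host once it reaches maxretry matches inside findtime. The failregex, bot names and IP addresses are made up for illustration, and the <HOST> expansion is a simplified IPv4-only stand-in.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FINDTIME = timedelta(hours=24)  # reach-back window (jail option: findtime)
MAXRETRY = 3                    # strikes allowed in the window (maxretry)
BANTIME = timedelta(hours=2)    # length of the block (bantime)
# Constructed failregex in filter.d style; <HOST> marks the client address.
FAILREGEX = (r'^<HOST> \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ '
             r'"[^"]*" "[^"]*(?:EvilScraper|BadBot)[^"]*"$')
# Simplified stand-in for Fail2Ban's <HOST> expansion (IPv4 only).
LINE_RE = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))

def scan(lines):
    """Return (ip, ban_start, ban_end) for hosts reaching MAXRETRY in FINDTIME."""
    hits, banned_until, bans = defaultdict(deque), {}, []
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue  # not a bad-bot request
        ip = m.group("host")
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        if ip in banned_until and ts < banned_until[ip]:
            continue  # still blocked
        window = hits[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()  # drop strikes older than the reach-back window
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()
    return bans

def _line(ip, ts, agent):
    return f'{ip} - - [{ts} +0000] "GET / HTTP/1.1" 200 512 "-" "{agent}"'

# Constructed sample log lines (Apache combined format, documentation IPs).
SAMPLE = [
    _line("198.51.100.9", "10/Mar/2024:09:00:00", "BadBot/2.1"),
    _line("198.51.100.9", "10/Mar/2024:09:30:00", "BadBot/2.1"),
    _line("203.0.113.7", "10/Mar/2024:10:00:00", "EvilScraper/1.0"),
    _line("192.0.2.10", "10/Mar/2024:10:01:00", "Mozilla/5.0"),
    _line("203.0.113.7", "10/Mar/2024:10:05:00", "EvilScraper/1.0"),
    _line("203.0.113.7", "10/Mar/2024:10:10:00", "EvilScraper/1.0"),  # 3rd strike
    _line("203.0.113.7", "10/Mar/2024:11:00:00", "EvilScraper/1.0"),  # during ban
    _line("198.51.100.9", "12/Mar/2024:09:00:00", "BadBot/2.1"),  # >24h later
]
print(scan(SAMPLE))
```

Only 203.0.113.7 is banned: 198.51.100.9 also has three matches, but the third falls outside the 24-hour window, so its earlier strikes have expired.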