>> You might be able to slow them down. Depending what sort of control >> you have over the HTTP bits stuffed on the wire, when you encounter >> requests for such pages, you can have the thread serving the >> connection slow its responses to a crawl, issue "100 Continue" >> responses, etc. Chris> Isn't this the same as a DOS attack on yur own server, though? Not if you have a multi-threaded server. Legitimate requests will be handled by new threads. Legitimate 404's (stuff not on your list of "obvious scan attempts") will get 404'd immediately. You might pile up a few sleepy threads, but all-in-all the load on your server should be quite modest. The only problem you might encounter would be if your server got blasted by large numbers of such requests in a very short period of time. To avoid this problem you could cap the number of "sluggish" responses at some figure, after which you simply fall back to regular 404 responses. Skip