1. Log and block on 3 or more POSTs to [url removed, login to view] from the same IP
2. Log and block on 10 requests for [url removed, login to view] from the same IP
3. Log and block on 3 or more POSTs resulting in "303" http codes from the same IP
4. Log and block on requests for a particular file, on a specific domain
5. Log and block on 20 POSTS from the same IP within 60 seconds
Review my apache logs for 1 Joomla web site, and 1 wordpress web site and come up with a few more rules that would work well.
The server is CentOS and running apache 2.4.
Please bid towards the lower end of the range.