In theory, yes, this could be devised. This is something we’ve dabbled a little with privately, but it’s a sensitive system and if you get it wrong, it’s a disaster, particularly if you use page caching 🙂
The idea is already handled, in-part at least, through our collaboration with CrowdSec. This provides a ready-to-use list of flagged/bad IPs that are immediately blocked.
actually crowdsec didn’t helped me there, i need to do blocking myself on specific bots which may not be harmful.
do you care to elaborate a bit :-D?
I’ll do my best not to mess with cache like before :-“