Say this was a malicious actor, how would one place a block/filter for this type of activity? Track each IP request and rate limit on an individual level?