I use ModSecurity and the xbl.spamhaus.org. This keeps away a lot of scanners and other bad stuff.
I also startet with Anubis in front of all my services, friendica among them, and try to dig a bit deeper into the rule sets.
It's the same as with ModSecurity and all the other similar tools: the default works more or less but is a general rule set and not quite optimized for a Fediverse server.
I wonder if we should find a common place to share rule sets for Anubis, ModSecurity and other tools as well as best practices on how to set up the tools.
I also realized that many callers, even thought legit fediverse servers, have not properly implemented http headers as Accept or Content-Type. Makes a correct filtering more complicated.
ne20002@fedi.0x42.ch