It has become standard to block bad API calls with a 400 status.
With MVP architecture so prominent on the web, it has become commonplace to build everything as an API (for AJAX to serve the front end of a website).
Our API endpoints, especially login endpoints, constantly get bombarded with SQL injection attempts. These requests fail with a "400 Bad Request" status.
It would be extremely useful for LFD to catch these in the Apache access log and automatically block the IP -- saving a server from an attack that can last hours.