Germany's "Bundesamt für Sicherheit in der Informationstechnik (BSI)" released a warning "BSI IT-Sicherheitswarnung 22/2011, DDoS-Angriffe auf deutsche Webseiten" on September 8th 2011. This document describes new activities by botnet "Miner", which tries to attack and tear down German Web applications.
It is best to block recognizable requests. This can be done by configuring the Web application appropriately. A better way is to use a Web Application Firewall (like Airlock) to separate security tasks from business functionality.
With Airlock, follow this procedure:
SecurityGateway * AuthproxyFilterDenyHeaderRegex.3 "^Accept-Language:[[:space:]]*ru"
SecurityGateway * AuthproxyFilterDenyHeaderRegex.<new index> "^Accept-Language:[[:space:]]*ru"
This will prevent all requests with HTTP header "Accept-Language: ru" from reaching the back-end application.
This configuration potentially prevents users based in Russia from reaching the back-end application.