I am looking to protect my Tomcat-based web apps from bots and other infected and compromised systems. I have been doing some research, and found this article on Apache HTTPD and an apache module named mod_access_rbl. Is there anything similar that is available for Tomcat, implemented as either a servlet or a valve?
Any other ideas you might have in protecting web apps from bots would be welcomed. Of particular concern is "click fraud", where bots come in and click on ads and such on your site and screw up your numbers.