Implement a new Request Rate Limit HttpHandler that can limit the number of requests allowed from a single IP address (or single HttpSession) within a time window. For example, 300 requests per 60 seconds. This can help to mitigate Denial of Service (DoS) and Brute Force attacks.

FYI: Tomcat already has a similar feature through its built-in filter implementation.