Any serious DDoS is not possible to mitigate at an application server level. By the time you get to the application server, the request will already have used up a significant amount of resources. The place to defend against DDoS is at edge routers. In any case, given that calibre is a personal server, I don't exactly see worrying about DDoSes as in its remit.
The best way to protect HTTP application servers in general is to set them up behind a reverse proxy such as nginx. Then you can implement all your safety features/IP bans etc in one place, before any heavy application resources are utilized.
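An nginx front end of the kind described above, as an added example that is not part of the original post or of calibre's documentation. The backend address and port, the hostname, the banned range and all limits are assumptions chosen for illustration.

```nginx
# Added example; all addresses, names and limits are assumptions.
# These directives belong inside the http {} block of nginx.conf.

# Track request rate and concurrent connections per client IP.
limit_req_zone  $binary_remote_addr zone=per_ip_req:10m rate=5r/s;
limit_conn_zone $binary_remote_addr zone=per_ip_conn:10m;

upstream app_backend {
    # Application server bound to loopback only, so it is reachable
    # solely through the proxy (port is an assumption).
    server 127.0.0.1:8080;
}

server {
    listen 80;
    server_name books.example.org;   # placeholder hostname

    # IP bans live in one place and are evaluated before proxying.
    deny 203.0.113.0/24;             # constructed example range (TEST-NET-3)
    allow all;

    # Cut off slow or oversized requests before they reach the backend.
    client_header_timeout 10s;
    client_body_timeout   10s;
    client_max_body_size  50m;

    location / {
        # Requests above the limits are rejected by nginx itself,
        # so the application never spends resources on them.
        limit_req  zone=per_ip_req burst=20 nodelay;
        limit_conn per_ip_conn 10;
        limit_req_status  429;
        limit_conn_status 429;

        proxy_pass http://app_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Running `nginx -t` checks the configuration for syntax errors before a reload.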