WIP: Better traffic management at our front door
When traffic enters production, we often need to respond in ways beyond just forwarding the request to services. We often want to deny access based on IP address, request headers, or URI paths. Sometimes we want to send specific responses back to encourage different behavior, such as tarpits or 429 responses for rate limit violations, and so on.
Currently we add these rules ad hoc, and each one is added differently, under different rules.
We should define a fixed set of buckets so that we can easily add a new pattern to match and pick an already existing bucket that responds in a similar way.
Some benefits from this approach:
- Faster response to production issues that require a denial or re-routing of traffic.
- Fewer hand-crafted solutions, replaced by a smaller number of repeatable and reproducible results.
- Finding and removing blocks and other rules should be easier.
- A less custom and more predictable configuration to manage, read, and change.
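A sketch of the bucket idea described above, as an added example rather than configuration from this project: each rule only names a match (IP range, request header, URI path) and an existing bucket, and the bucket alone determines the response. The bucket names, the `Rule` and `decide` helpers, the tarpit delay and the sample rules are all hypothetical.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Hypothetical buckets: name -> (HTTP status, delay in seconds before replying).
BUCKETS = {"deny": (403, 0), "rate_limit": (429, 0), "tarpit": (200, 10)}

@dataclass(frozen=True)
class Rule:
    name: str                                 # stable id, so a rule is easy to find and remove
    bucket: str                               # must be one of the predefined buckets
    cidr: Optional[str] = None                # source network
    header: Optional[Tuple[str, str]] = None  # (header name, regex on its value)
    path: Optional[str] = None                # regex anchored at the start of the URI path

    def __post_init__(self):
        if self.bucket not in BUCKETS:
            raise ValueError(f"{self.name}: unknown bucket {self.bucket!r}")
        if not (self.cidr or self.header or self.path):
            raise ValueError(f"{self.name}: no match condition, would hit all traffic")

    def matches(self, ip, headers, path):
        # Every condition that is set must hold.
        if self.cidr and ipaddress.ip_address(ip) not in ipaddress.ip_network(self.cidr):
            return False
        if self.header:
            name, pattern = self.header
            if not re.search(pattern, headers.get(name.lower(), ""), re.IGNORECASE):
                return False
        if self.path and not re.match(self.path, path):
            return False
        return True

def decide(rules, ip, headers, path):
    """Return (rule name, status, delay) for the first matching rule, or None to forward."""
    lowered = {k.lower(): v for k, v in headers.items()}
    for rule in rules:
        if rule.matches(ip, lowered, path):
            return (rule.name, *BUCKETS[rule.bucket])
    return None

# Constructed sample rules; addresses come from the documentation ranges.
RULES = [
    Rule("block-scanner-net", "deny", cidr="203.0.113.0/24"),
    Rule("throttle-api-bot", "rate_limit", header=("User-Agent", r"examplebot"), path=r"/api/"),
    Rule("tarpit-old-login", "tarpit", path=r"/legacy/login$"),
]
```

Rejecting a rule with an unknown bucket or with no match condition at load time keeps a typo from silently blocking all traffic or none.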
Edited by Cameron McFarland