Five years ago, my security reviews were full of mitigations mostly abandoned today: selinux, ddos protection, ids, etc. Not that they were bad, but cloud infrastructure and containers have matured way beyond what we could foresee back then, and we're better off. For example, I advocated using HAProxy in AWS for better rate limiting and ip blacklisting. I even wrote a long doc on how to do it github.com/jvehent/haprox…. We never used it, mostly because scaling out is generally cheaper and simpler, then straight to cloudflare-type offerings.