Domino allows to restrict access based on the remote IP address. That's fine, but not of much use in many cases. When it comes to fighting spam and unwanted robots, it would be much more usefull to be able to block access based on the user agent string. In Apache, this is a piece of cake. In Domino, I would have to write my own DSAPI filter.
"Wait!", I hear you say, "What is easier to spoof than a user agent string?"
True, but ... so what? I'm not even attempting to block whomever feels the need to send a modified user agent string. There might be perfectly valid reasons for that. I want to get rid of the bots that don't even try to hide their nature and intention by using user agent strings consisting of (or containing) "User-Agent", "Java", "Perl" or "" (yep, empty string) . Once I get those really nasty ones out of the way, I'll have more time to deal with other unpleasant guests.