Fail2ban has decent jails for Apache httpd.
And writing a rule that matches requests to nonexistent resources is very easy -- one-liners + time based threshold.
Basically you could ban differently according to the http errors they cause (e.g. bots on migrated resources: many 404 within a minute, Slowloris is visible as a lot of 408).
GuestFAUniverse|18 days ago