I am trying to implement a flood control mechanism to prevent robots
requesting pages after pages at an "inhuman" rate.

My basic idea is this:
* A FirstInFirstOut List stored in the HttpSession, that records the time of
the user's last 10 requests.
* On each new request, a filter compares the current time with the time of
the 10th previous request. If not enough time went by, redirect to a "delay
page" that requires the user to press a "Continue" button. Pipe the new
request and its time, and pipe out the 10th previous request.

The problem with that design: in some cases, one single request from the
user will go through the filters several times because of various possible
internal redirects. But I only want to record the times of the requests
coming directly from the user.

Therefore my question: Is there a simple straightforward way, from the
filter's point of view, to distinguish between a request that came from
outside (from the user), from an internal request (one that came through a
redirection from ActionMapping to ActionMapping)?