My server is getting hit with a variety if requests like the following:
Started GET "/key/values"
ActionController::RoutingError (No route matches [GET] "/key/values")
Started GET "/loaded"
ActionController::RoutingError (No route matches [GET] "/loaded")
Started GET "/top/left"
ActionController::RoutingError (No route matches [GET] "/top/left")
How should I defend against such attacks? Will these requests slow down my site even if they do not get a response?
These requests usually don't slow down your site, unless you are being attacked/DDoS.
You may want to consider Fail2ban.
Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).
Fail2Ban is able to reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents.
Source: http://www.fail2ban.org/
