One option I have considered is to forward to my server on a port I have a sentry on, which will block the IP at the firewall, so there will be no further contact (and no write to the logs!) I set up a return REDIRECT, but that sends a 302 with the new URL, and that hits my logs. NOT a good solution.

Why not also push a specialized log handler onto the stack that will prevent logging for that namespace?