I've always wondered: has there been any effort to implement a PoW challenge like that at a lower level? I.e., TCP but the handshake requires solving a challenge, otherwise the connection is just closed? It seems like something that could benefit from being invisible on the application layer.

Edit: To answer my own question, yes: http://www.arijuels.com/wp-content/uploads/2013/09/JB99.pdf

Edit 2: Maybe TLS would be another reasonable place for it?

I did! It's very cool tech. However for our config it was easier to slap CF in front of it.

I will say one very appealing use of Anubis I'd love to try is using it as a Traefik middleware to protect services running in docker containers.