Could this just be bog standard IP blocking to prevent DoS attacks?

Or short of that, just a resource usage limiter? We had to do that once to prevent rogue client applications to our ASP from hogging disproportionate amounts of system resource and reducing service levels of our other clients.