For your first question, look into a rate limiter such as this github.com/jhurliman/node-rate-limiter - there are more..
Second question - get access to the user-agent on the incoming request. A lib like this will help: github.com/biggora/express-useragent