I'm in BotNet Hell! Just because I run a popular site, for weeks now I'm on the receiving end of a submit spam bot targeting my reviews section, it is all failing due to my CMS Captcha, plus all reviews have to be approved manually anyway, but the level of attack is bringing my server near its limit.

I've blocked the whole continent of South America, I was about to block all China & Eastern Europe, but today the same BotNet is coming from the US, blocking by IP and reporting to ISPs is useless.

In Plain English Please:
What Apache module do I ask my hosting company to configure/install in order to limit the concurrent connections from a single IP to say 40 requests per minute max.

What exact wording should I use in that request so that the job gets done?

(Dedicated hosting/Linux/Apache/apf firewall)