I find on my server which previously had ikonboard on it a great number of idiots are attempting to load ikonboard.cgi 400+ times in a row. I suspect there is some sort of exploit against it, but regardless it's the same match as the rest of apache-noscript but there is currently no .cgi extension. It's easy to add of course, so I have done that, but suggesting it be added to the default apache-noscript config.