Fail2ban is software that reads logs and bans IP addresses (IPv4 and IPv6) that abuse the system or whose actions match the configured ban criteria.
https://fr.wikipedia.org/wiki/Fail2ban
I find it unfortunate that certain errors (HTTP 400, for example) are not banned by default.
Here are my files:
Excerpt from /etc/fail2ban/jail.local (which is a copy of /etc/fail2ban/jail.conf):

    [nginx-3xx]
    enabled = true
    port = http,https
    logpath = /var/log/nginx/access.log
    backend = polling
    bantime = 30d

    [nginx-4xx]
    enabled = true
    port = http,https
    logpath = /var/log/nginx/access.log
    backend = polling
    bantime = 30d

    [nginx-400]
    enabled = true
    port = http,https
    logpath = /var/log/nginx/access.log
    backend = polling
    bantime = 30d
    maxretry = 0

Complete file for /etc/fail2ban/filter.d/nginx-3xx.conf:

    [Definition]
    failregex = ^<HOST>.*"(GET|POST|HEAD).*" (301|302) .*$
    ignoreregex =

Complete file for /etc/fail2ban/filter.d/nginx-4xx.conf:

    [Definition]
    failregex = ^<HOST>.*"(GET|POST|HEAD).*" (404|444|403|405) .*$
    ignoreregex =

Complete file for /etc/fail2ban/filter.d/nginx-400.conf:

    [Definition]
    failregex = ^<HOST>.*".*" (400) .*$
    ignoreregex =