Add the following new file named nginx-4xx.conf to /etc/fail2ban/filter.d/
[Definition] failregex = ^<HOST>.*"(GET|POST).*" (404|444|403|400) .*$ ignoreregex =
Now, open /etc/fail2ban/jail.conf and add the following block of code to the end of the file.
[nginx-4xx] enabled = true port = http,https filter = nginx-4xx logpath = /var/log/nginx/access.log bantime = 1800 findtime = 60 maxretry = 5
Now, restart process by running following command:
service fail2ban restart
To view status, including jailed IPs, you can run the following command:
fail2ban-client status nginx-4xx
