fail2ban nginx 404 400 403 444 filter /etc/fail2ban/filter.d/nginx-4xx.conf enable

jail.conf

# to enable  this filter add to  jail.conf following (/etc/fail2ban/jail.conf)
# Thanks to -> TheBarret

[nginx-4xx]
enabled = true
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3

nginx.conf

# vim /etc/fail2ban/filter.d/nginx-4xx.conf 

[Definition]
failregex = ^<HOST>.*"(GET|POST).*" (404|444|403|400) .*$
ignoreregex =

How do we enable this?

How do we enable this?

Add this to your jail.conf
[nginx-4xx]
enabled = true
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3

Do not use this rule. It's regex is too wide and fail2ban will trigger bans based on non-malicious requests.

Do not use this rule. It's regex is too wide and fail2ban will trigger bans based on non-malicious requests.

Works fine here tho, no problems so far.

Sorry. You are right.

I re-tested filter and noticed that I used fail2ban-regex --print-all-missed instead of fail2ban-regex --print-all-matched in my first test.

@TheBarret thanks

tank you. helpfull...