Add fail2ban configuration

files/fail2ban/filter.d/nginx-req-limit.conf

@@ -0,0 +1,15 @@
+# Managed by Ansible
+
+# Fail2Ban configuration file
+#
+# supports: ngx_http_limit_req_module module
+
+[Definition]
+
+failregex = limiting requests, excess:.* by zone.*client: <HOST>
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =

files/fail2ban/jail.d/nginx-req-limit.conf

@@ -0,0 +1,11 @@
+# Managed by Ansible
+
+[nginx-req-limit]
+
+enabled = true
+filter = nginx-req-limit
+action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
+logpath = /var/log/nginx/*error.log
+findtime = 600
+bantime = 7200
+maxretry = 10