Two filter files, one for GET reqs and one for POST:
# fail2ban filter configuration for nginx GET denied accesses
[INCLUDES]
before = nginx-error-common.conf
[Definition]
failregex = ^.*\[crit\].* Permission denied\), client: <HOST>.*request: "GET
ignoreregex = .*/public/api.*
.*/artix/.*
.*/packages/.*
# fail2ban filter configuration for nginx POST denied accesses
[INCLUDES]
before = nginx-error-common.conf
[Definition]
failregex = ^.*\[crit\].* Permission denied\), client: <HOST>.*request: "POST
ignoreregex = .*/artix/.*
Limits set in /etc/fail2ban/jail.local:
[nginx-denied-get]
findtime = 1m
maxretry = 120
port = http,https
logpath = %(nginx_error_log)s
enabled = true
[nginx-denied-post]
findtime = 1m
maxretry = 90
port = http,https
logpath = %(nginx_error_log)s
enabled = true
120 failed GETs/min is a lot, it befuddles me how you still earn bans.