Filters You can customize, improve the filters Fail2Ban uses. You can find the filters in /etc/fail2ban/filter.d/. Below is a small collection of filters for the services, I have already covered.  nginx-http-auth.conf [Definition] failregex = ^ \[error\] \d+#\d+: \*\d+ user "\S+":? (password mismatch|was not found in ".*"), client: , server: \S+, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"\s*$ ^ \[error\] \d+#\d+: \*\d+ no user/password was provided for basic authentication, client: , server: \S+, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"\s*$ ignoreregex = nginx-badbots.conf sudo cp apache-badbots.conf nginx-badbots.conf nginx-noscript [Definition] failregex = ^ -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\.scgi) ignoreregex = nginx-noproxy [Definition] failregex = ^ -.*GET http.* ignoreregex = MongoDB mongo-auth.conf [INCLUDES] before = common.conf [Definition] _daemon = mongodb failregex = ^.*[aA]uthentication [fF]ail(ed|ure) for \w+ on \w+ from client :[0-9].*|$ ignoreregex = # Author: luiseok (https://github.com/luiseok)