From 1fb3434ff5e82ea57e907b9cb555250f84cd7d0f Mon Sep 17 00:00:00 2001
From: ChiefGyk <alon@ganon.me>
Date: Sat, 17 Dec 2016 15:43:03 -0500
Subject: [PATCH] added some DDoS protection referenced from
 https://easyengine.io/tutorials/nginx/fail2ban/ adding a new Fail2Ban filter
 dubbed nginx-req-limit

---
 conf/fail2ban/filter.d/nginx-req-limit.conf | 13 +++++++++++++
 conf/fail2ban/jails.conf                    |  9 +++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 conf/fail2ban/filter.d/nginx-req-limit.conf

diff --git a/conf/fail2ban/filter.d/nginx-req-limit.conf b/conf/fail2ban/filter.d/nginx-req-limit.conf
new file mode 100644
index 00000000..fb1b70a7
--- /dev/null
+++ b/conf/fail2ban/filter.d/nginx-req-limit.conf
@@ -0,0 +1,13 @@
+# Fail2Ban configuration file
+#
+# supports: ngx_http_limit_req_module module
+
+[Definition]
+
+failregex = limiting requests, excess:.* by zone.*client: <HOST>
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
\ No newline at end of file
diff --git a/conf/fail2ban/jails.conf b/conf/fail2ban/jails.conf
index 0146b64c..7a88229a 100644
--- a/conf/fail2ban/jails.conf
+++ b/conf/fail2ban/jails.conf
@@ -78,3 +78,12 @@ bantime = 3600
 
 [ssh-ddos]
 enabled  = true
+
+[nginx-req-limit]
+
+enabled = true
+filter = nginx-req-limit
+action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
+logpath = /var/log/nginx/*error.log
+findtime = 600
+bantime = 7200