added some DDoS protection referenced from https://easyengine.io/tutorials/nginx/fail2ban/ adding a new Fail2Ban filter dubbed nginx-req-limit

conf/fail2ban/filter.d/nginx-req-limit.conf

@@ -0,0 +1,13 @@
+# Fail2Ban configuration file
+#
+# supports: ngx_http_limit_req_module module
+
+[Definition]
+
+failregex = limiting requests, excess:.* by zone.*client: <HOST>
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =

conf/fail2ban/jails.conf

@@ -78,3 +78,12 @@ bantime = 3600
 
 [ssh-ddos]
 enabled  = true
+
+[nginx-req-limit]
+
+enabled = true
+filter = nginx-req-limit
+action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
+logpath = /var/log/nginx/*error.log
+findtime = 600
+bantime = 7200