Notes to self, running on Ubuntu 20.04. This is to ban access to a specific web page rather than a service like SSH.
Install fail2ban. pyinotify is the default backend.
sudo apt install inotify-tools inotify-hookable python-pyinotify sudo apt install fail2ban
In /etc/fail2ban, copy jail.conf to jail.local. Edit jail.local by uncommenting the ignoreip line and adding your IP address so you don’t accidentally lock yourself out.
ignoreip = 127.0.0.1/8 ::1 IP_ADDRESS
In /etc/fail2ban/filter.d create a file JAILNAME.conf with the text below:
[Definition] failregex = ^<HOST> -.*"(GET|POST|HEAD) /PATHTOPAGE HTTP/1.1" 200 ignoreregex =
In /etc/fail2ban/jail.d create a file JAILNAME.conf with the text below:
[JAILNAME] enabled = true port = http,https filter = JAILNAME logpath = PATH_TO_LOGFILE maxretry = 3 findtime = XXXXXX bantime = XXXXXX
service fail2ban restart systemctl status fail2ban
fail2ban-client status fail2ban-client status JAILNAME sudo fail2ban-client set JAILNAME banip IP_ADDRESS sudo fail2ban-client set JAILNAME unbanip IP_ADDRESS