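A simple one-liner firewall that blocks bad bots trying to log in to any resource behind nginx.
This example is for use with WordPress, where a POST to wp-login that is answered with status 200 is treated as a failed login attempt (a successful login normally ends in a redirect instead). Check the 'More details' link for use in other scenarios.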
# Preview only: list each client address with its number of matching requests.
# Nothing is banned by this command.
#
# Field numbers follow the 'compressed' log_format shown on this page:
#   $1 remote_addr, $6 host, $7 server_port, $8 request_method,
#   $9 uri, $10 status ($time_local contains a space and fills $3 and $4).
#
# A line is kept when it is a POST on port 443 to a URI matching "login"
# that was answered with status 200. Lines are then grouped by
# address/host/URI/status, and groups with more than 10 hits are printed
# as "<address> <count>".
#
# NOTE(review): the count covers everything currently in access.log, not a
# time window, so the threshold is effectively per log-rotation period.
awk '
  $8 == "POST" && int($7) == 443 && int($10) == 200 && $9 ~ "login" {
    print $1, $6, $9, $10
  }
' /var/log/nginx/access.log \
  | sort -k1 -k2 \
  | uniq -c \
  | awk 'int($1) > 10 { print $2, $1 }'
# Access-log layout that the awk filters on this page index into.
# Whitespace-separated fields as awk sees them ($time_local contains one
# space, so it occupies two fields):
#   $1  remote_addr      $2  realip_remote_addr   $3-$4 time_local
#   $5  server_name      $6  host                 $7  server_port
#   $8  request_method   $9  uri                  $10 status
# Adding, removing or reordering variables here shifts those field numbers
# and silently breaks the filters.
# NOTE(review): the format only takes effect where an access_log directive
# references it by name; that directive is not shown here.
# NOTE(review): with the realip module, $remote_addr is taken from a request
# header and $realip_remote_addr keeps the original peer address. Bans are
# issued on $remote_addr, so set_real_ip_from should be limited to your own
# proxies; otherwise a client could supply someone else's address. Confirm.
log_format compressed '$remote_addr $realip_remote_addr $time_local $server_name $host $server_port $request_method $uri $status';
cat /nginx_fail2ban_firewall.sh
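#!/bin/sh
# nginx_fail2ban_firewall.sh - ban clients with repeated failed WordPress
# logins, based on the nginx access log.
#
# Field numbers follow the 'compressed' log_format shown on this page:
#   $1 remote_addr, $6 host, $7 server_port, $8 request_method,
#   $9 uri, $10 status ($time_local contains a space and fills $3 and $4).
#
# A line is counted when it is a POST on port 443 to a URI matching
# "wp-login" that was answered with status 200. An address with more than
# 10 such lines for the same host/URI is handed to fail2ban.
#
# NOTE(review): the count covers everything currently in access.log, not a
# time window, so the threshold is effectively per log-rotation period and a
# legitimate user who mistypes a password often enough will also be banned.
# NOTE(review): $1 is $remote_addr. Behind a proxy with the realip module it
# is only trustworthy if set_real_ip_from is limited to your own proxies;
# confirm before relying on it for bans.
# NOTE(review): the jail nginx-http-auth must exist and be enabled, and its
# bantime decides how long these bans last; neither is shown on this page.

awk '
  $8 == "POST" && int($7) == 443 && int($10) == 200 && $9 ~ "wp-login" {
    print $1, $6, $9, $10
  }
' /var/log/nginx/access.log \
  | sort -k1 -k2 \
  | uniq -c \
  | awk 'int($1) > 10 { print $2 }' \
  | sort -u \
  | while IFS= read -r addr; do
      # sort -u above collapses an address that crossed the threshold on
      # several hosts/URIs, so each address is submitted once per run.
      [ -n "$addr" ] || continue
      fail2ban-client set nginx-http-auth banip "$addr"
    done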
cat /etc/crontab
# Run the ban script every minute as root.
# NOTE(review): stdout and stderr are both sent to /dev/null, so a failing
# awk or fail2ban-client call leaves no trace; consider keeping stderr in a
# log file while the setup is being validated.
# NOTE(review): this entry runs /root/nginx_fail2ban_firewall.sh, while the
# listing above is displayed from /nginx_fail2ban_firewall.sh. Make sure the
# path matches where the script is saved, and that the file is executable
# and writable only by root.
* * * * * root /root/nginx_fail2ban_firewall.sh >> /dev/null 2>&1
https://iservit.ro/tutorial/one-line-firewall-for-nginx-w-fail2ban/