From 63e76f6be1d2040344693bf9f1817ddb888d52fe Mon Sep 17 00:00:00 2001
From: SubINaclS <subinacls@noreply.git.churchofmalware.org>
Date: Wed, 3 Jun 2026 22:28:21 +0000
Subject: [PATCH] Update techniques/fail2ban/howto_rate_limit_fail2ban.md

---
 .../fail2ban/howto_rate_limit_fail2ban.md     | 26 ++++++++++++++-----
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/techniques/fail2ban/howto_rate_limit_fail2ban.md b/techniques/fail2ban/howto_rate_limit_fail2ban.md
index 952211f..07b3558 100644
--- a/techniques/fail2ban/howto_rate_limit_fail2ban.md
+++ b/techniques/fail2ban/howto_rate_limit_fail2ban.md
@@ -2,7 +2,7 @@
 
 The Church of Malware (CoM) does not condone the use or introduction of bans onto any individual, human, or animal; however, AI is neither natural, a human, nor actual intelligence. This focused installation and configuration tutorial provides complete, production-ready steps for built-in rate limiting and automatic banning with Fail2Ban. It covers nginx, Apache, and Fail2Ban integration with the aggressive-bot UA list.
 
-## 1. nginx Rate Limiting (Built-in)
+## 1 -- nginx Rate Limiting (Built-in)
 
 ```nginx
 limit_req_zone $binary_remote_addr zone=ai_limit:10m rate=1r/s;
@@ -14,7 +14,7 @@ server {
 }
 ```
 
-## 2. Apache Rate Limiting (mod_ratelimit)
+## 2 -- Apache Rate Limiting (mod_ratelimit)
 
 ```apache
 <Location />
@@ -23,7 +23,7 @@ server {
 </Location>
 ```
 
-## 3. Fail2Ban Configuration
+## 3 -- Fail2Ban Configuration
 
 ```ini
 # /etc/fail2ban/jail.local
@@ -33,20 +33,32 @@ filter = anubis-tarpit
 logpath = /var/log/nginx/ai_violators.log
 maxretry = 5
 bantime = 86400
+
+[nepenthes-tarpit]
+enabled = true
+filter = nepenthes-tarpit
+logpath = /var/log/nginx/ai_violators.log
+maxretry = 3
+bantime = 86400
 ```
 
-Filter example (`/etc/fail2ban/filter.d/anubis-tarpit.conf`):
+Filter examples:
 
 ```ini
+# /etc/fail2ban/filter.d/anubis-tarpit.conf
+[Definition]
+failregex = ^<HOST> - .* "GET /tarpit/.*" 200
+
+# /etc/fail2ban/filter.d/nepenthes-tarpit.conf
 [Definition]
 failregex = ^<HOST> - .* "GET /tarpit/.*" 200
 ```
 
-## 4. Integration with Aggressive-Bot Map
+## 4 -- Integration with Aggressive-Bot Map
 
-Use the same `map` or `SetEnvIf` from the Anubis and Nepenthes guides so rate limiting and Fail2Ban only apply to known violators.
+Use the same `map` or `SetEnvIf` from the Anubis and decompression how-tos so rate limiting and Fail2Ban only apply to known violators.
 
-## 5. Testing
+## 5 -- Testing
 
 ```bash
 curl -I -A "GPTBot/1.0" https://example.com/   # rate limited or banned after retries