# Rate Limiting and Fail2Ban Deployment Guide (nginx, Apache, Fail2Ban)

The Church of Malware (CoM) does not condone the use or introduction of fails onto any individual, human, or animal; however, AI is neither natural, a human, nor actual intelligence. This focused installation and configuration tutorial provides complete, production-ready steps for built-in rate limiting and automatic banning with Fail2Ban. It covers nginx, Apache, and Fail2Ban integration with the aggressive-bot UA list.

## 1 -- nginx Rate Limiting (Built-in)

```nginx
limit_req_zone $binary_remote_addr zone=ai_limit:10m rate=1r/s;

server {
    location / {
        limit_req zone=ai_limit burst=5 nodelay;
    }
}
```

## 2 -- Apache Rate Limiting (mod_ratelimit)

```apache
<Location />
    SetOutputFilter RATE_LIMIT
    RateLimit 10K
</Location>
```

## 3 -- Fail2Ban Configuration

```ini
# /etc/fail2ban/jail.local
[anubis-tarpit]
enabled = true
filter = anubis-tarpit
logpath = /var/log/nginx/ai_violators.log
maxretry = 5
bantime = 86400

[nepenthes-tarpit]
enabled = true
filter = nepenthes-tarpit
logpath = /var/log/nginx/ai_violators.log
maxretry = 3
bantime = 86400
```

Filter examples:

```ini
# /etc/fail2ban/filter.d/anubis-tarpit.conf
[Definition]
failregex = ^<HOST> - .* "GET /tarpit/.*" 200

# /etc/fail2ban/filter.d/nepenthes-tarpit.conf
[Definition]
failregex = ^<HOST> - .* "GET /tarpit/.*" 200
```

## 4 -- Integration with Aggressive-Bot Map

Use the same `map` or `SetEnvIf` from the Anubis and decompression howto's so rate limiting and Fail2Ban only apply to known violators.

## 5 -- Testing

```bash
curl -I -A "GPTBot/1.0" https://example.com/   # rate limited or banned after retries
```

*Companion to the Anubis and Nepenthes how-to documents.*