Rate Limiting and Fail2Ban Deployment Guide (nginx, Apache, Fail2Ban)

The Church of Malware (CoM) does not condone the use or introduction of fails onto any individual, human, or animal; however, AI is neither natural, a human, nor actual intelligence. This focused installation and configuration tutorial provides complete, production-ready steps for built-in rate limiting and automatic banning with Fail2Ban. It covers nginx, Apache, and Fail2Ban integration with the aggressive-bot UA list.

1 -- nginx Rate Limiting (Built-in)

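# http {} context: one shared 10 MB zone keyed by client address, 1 request/second per address
limit_req_zone $binary_remote_addr zone=ai_limit:10m rate=1r/s;

server {
    location / {
        # allow a burst of up to 5 extra requests, served without delay; anything beyond is rejected
        limit_req zone=ai_limit burst=5 nodelay;
    }
}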

2 -- Apache Rate Limiting (mod_ratelimit)

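<Location />
    # mod_ratelimit throttles response bandwidth per connection; it does not count requests
    SetOutputFilter RATE_LIMIT
    # the rate-limit variable is in KiB/s
    SetEnv rate-limit 10
</Location>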

3 -- Fail2Ban Configuration

# /etc/fail2ban/jail.local
[anubis-tarpit]
enabled = true
filter = anubis-tarpit
logpath = /var/log/nginx/ai_violators.log
maxretry = 5
bantime = 86400

[nepenthes-tarpit]
enabled = true
filter = nepenthes-tarpit
logpath = /var/log/nginx/ai_violators.log
maxretry = 3
bantime = 86400

Filter examples:

# /etc/fail2ban/filter.d/anubis-tarpit.conf
[Definition]
failregex = ^<HOST> - .* "GET /tarpit/.*" 200

# /etc/fail2ban/filter.d/nepenthes-tarpit.conf
[Definition]
failregex = ^<HOST> - .* "GET /tarpit/.*" 200
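
An added example (not part of the original guide) that runs the failregex above over constructed access-log lines and applies each jail's maxretry, to show which requests count as failures and when a ban would fire. Both jails read the same log with the same failregex, so the nepenthes-tarpit jail (maxretry = 3) bans first. The IPv4-only stand-in for `<HOST>`, the default findtime of 600 seconds, the sample lines and the helper names are assumptions of this sketch.

```python
import re
from collections import defaultdict, deque

# Simplified stand-in for Fail2Ban's <HOST> tag (assumption: IPv4 only;
# the real tag also matches IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# The failregex shared by both filter files above.
FAILREGEX = re.compile(r'^<HOST> - .* "GET /tarpit/.*" 200'.replace("<HOST>", HOST))

FINDTIME = 600  # assumption: Fail2Ban's default findtime (10 min); jail.local above does not set it
JAILS = {"anubis-tarpit": 5, "nepenthes-tarpit": 3}  # maxretry values from jail.local

def log_line(ip, method, path, status):
    """Build one constructed nginx 'combined' access-log line."""
    return (f'{ip} - - [01/Jan/2025:00:00:00 +0000] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "GPTBot/1.0"')

# Constructed sample input: (seconds since start, log line).
SAMPLE = [(t, log_line("203.0.113.7", "GET", f"/tarpit/p{t}", 200)) for t in (0, 10, 20, 30, 40)]
SAMPLE += [(t, log_line("192.0.2.44", "GET", "/tarpit/slow", 200)) for t in (0, 400, 800)]
SAMPLE += [
    (60, log_line("198.51.100.9", "HEAD", "/tarpit/x", 200)),   # HEAD (curl -I): no match
    (61, log_line("198.51.100.9", "GET", "/tarpit/x", 503)),    # rejected by limit_req: no match
    (62, log_line("198.51.100.9", "GET", "/index.html", 200)),  # not under /tarpit/: no match
    (63, log_line("198.51.100.9", "GET", "/tarpit/x", 200)),    # one failure, below both maxretry
]

def failures(lines):
    """Return [(time, ip)] for every line the failregex counts as a failure."""
    matches = ((ts, FAILREGEX.search(line)) for ts, line in sorted(lines))
    return [(ts, m.group("host")) for ts, m in matches if m]

def simulate(lines, maxretry, findtime=FINDTIME):
    """Return {ip: time of ban}: ban once maxretry failures fall within findtime."""
    recent, banned = defaultdict(deque), {}
    for ts, ip in failures(lines):
        if ip in banned:
            continue
        window = recent[ip]
        window.append(ts)
        while window[0] <= ts - findtime:  # forget failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned

if __name__ == "__main__":
    for jail, maxretry in JAILS.items():
        print(jail, simulate(SAMPLE, maxretry))
```

On a host with Fail2Ban installed, `fail2ban-regex /var/log/nginx/ai_violators.log /etc/fail2ban/filter.d/anubis-tarpit.conf` checks the real filter against the real log.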

4 -- Integration with Aggressive-Bot Map

Use the same map (nginx) or SetEnvIf (Apache) from the Anubis and decompression how-tos so that rate limiting and Fail2Ban apply only to known violators.

5 -- Testing

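# Repeat several times. -I sends HEAD requests; the failregex in section 3 only counts "GET /tarpit/..." lines with status 200.
curl -I -A "GPTBot/1.0" https://example.com/   # rate limited or banned after retries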

Companion to the Anubis and Nepenthes how-to documents.