A note up front: I am using OpenResty rather than Nginx.

The access log path is different, so replace it to match your own setup.


First, create a new file:

/etc/fail2ban/filter.d/openresty-http-get-dos.conf

with the following content:

[Definition]

failregex = ^<HOST> - .* "(GET|POST) .* HTTP.*"

This regular expression matches every GET and POST request and extracts the IP address.

Next, edit the configuration file:

/etc/fail2ban/jail.local

with the following content:

[DEFAULT]

bantime = 600

findtime = 300

maxretry = 5

banaction = iptables-allports

action = %(action_mwl)s

[openresty-http-get-dos]

enabled = true

filter = openresty-http-get-dos

logpath = /opt/1panel/apps/openresty/openresty/www/sites/chiban.fyi/log/access.log

port = 443

maxretry = 5

findtime = 1

bantime = 600

banaction = iptables-allports

Here, findtime = 1 means within 1 second, and maxretry = 5 means that an IP address making more than 5 requests will be banned.
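Because the filter counts every GET and POST, it helps to see which clients these thresholds would actually catch. The following is an added example, not part of the original post: it replays constructed access-log lines through the page's failregex and a sliding findtime window. It assumes the combined log format, a simplified IPv4-only stand-in for fail2ban's <HOST> tag, and that a ban triggers once maxretry matches fall inside findtime.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# The page's failregex, with fail2ban's <HOST> tag replaced by a simplified
# IPv4 group (assumption: the real <HOST> tag also covers IPv6 and hostnames).
FAILREGEX = re.compile(r'^(?P<host>\d{1,3}(?:\.\d{1,3}){3}) - .* "(GET|POST) .* HTTP.*"')
TIMESTAMP = re.compile(r'\[([^\]]+)\]')

def banned_hosts(lines, findtime=1, maxretry=5):
    """Return hosts, in ban order, that reach maxretry matches within findtime seconds."""
    recent = defaultdict(deque)  # host -> timestamps of matches still inside the window
    banned = []
    for line in lines:
        m, ts = FAILREGEX.search(line), TIMESTAMP.search(line)
        if not m or not ts:
            continue  # line not matched by the filter (e.g. a HEAD request)
        when = datetime.strptime(ts.group(1), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        host = m.group("host")
        window = recent[host]
        window.append(when)
        # Drop matches older than findtime (assumed window boundary).
        while when - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

def make_line(host, second, method="GET", path="/"):
    """Build one constructed log line in the combined access-log format."""
    return (f'{host} - - [10/Oct/2024:13:55:{second:02d} +0800] '
            f'"{method} {path} HTTP/1.1" 200 612 "-" "curl/8.0"')

# Constructed sample traffic (documentation-range addresses).
SAMPLE = (
    [make_line("203.0.113.7", 1) for _ in range(8)]          # 8 requests in one second
    + [make_line("198.51.100.9", s) for s in (1, 4, 9)]      # slow visitor
    + [make_line("192.0.2.15", 20, path=f"/static/{i}.css")  # one page load, 6 assets
       for i in range(6)]
    + [make_line("203.0.113.50", 30, method="HEAD")] * 6     # HEAD is not matched
)

if __name__ == "__main__":
    print(banned_hosts(SAMPLE))
```

In this sample the single page load with six static assets is banned along with the flooding client, while the burst of HEAD requests is never counted, so check the thresholds against your own traffic before enabling the jail.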

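Note that banaction = iptables-allports means the ban is carried out by iptables; in practice, adjust it to match the type of firewall you have installed.
For example, for the ufw firewall: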

[openresty-http-get-dos]

enabled = true

filter = openresty-http-get-dos

logpath = /opt/1panel/apps/openresty/openresty/www/sites/chiban.fyi/log/access.log

port = 443

maxretry = 5

findtime = 1

bantime = 600

banaction = ufw

action = %(action_mwl)s

Restart fail2ban:

sudo systemctl restart fail2ban

View the banned IPs:

sudo fail2ban-client status openresty-http-get-dos