diff --git a/fail2ban/filter.d/nginx-4xx.conf b/fail2ban/filter.d/nginx-4xx.conf
index 1be4e0e..79c8e89 100644
--- a/fail2ban/filter.d/nginx-4xx.conf
+++ b/fail2ban/filter.d/nginx-4xx.conf
@@ -1,6 +1,11 @@
 [Definition]
-# Match either x_forwarded_for (preferred) or remote_addr
+
+# ✅ Match any 4xx status (including 401, 499) for all paths
 failregex = ^.*"x_forwarded_for":"".*"status":4\d\d.*$
  ^.*"remote_addr":"".*"status":4\d\d.*$
-ignoreregex = ^.*"request_uri":"\/(?:stub_status|health\/system|health\/worker|pgadmin4(?:\/|$)|\.well-known\/acme-challenge\/|.*\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))".*$
\ No newline at end of file
+# ❌ Ignore:
+# - ALL status codes under /pgadmin4 (including 401, 499, 404, etc.)
+# - Static files and known safe URIs
+ignoreregex = ^.*"request_uri":"\/pgadmin4(?:\/[^"]*)?".*$
+ ^.*"request_uri":"\/(?:stub_status|health\/system|health\/worker|\.well-known\/acme-challenge\/[^"]*|[^"]*\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))".*$
\ No newline at end of file
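Review bot: The new first `ignoreregex` line exempts every 4xx under `/pgadmin4`, including 401, so repeated failed logins against the pgAdmin interface no longer count toward a ban in this jail. If the aim is to stop operators being banned by pgAdmin's own background requests, consider narrowing the exemption to the statuses that cause that (for example only 499), or covering `/pgadmin4` 401s with a separate jail and a higher `maxretry`; whether such a jail exists is not visible here. Separately, the static-file alternative on the second line matches on the end of the logged value via `[^"]*\.(?:css|js|...)`, and if `request_uri` is nginx's `$request_uri` that value includes the query string, so a 4xx for any path is ignored whenever the URI merely ends in one of those suffixes. Changing that class to `[^"?]*` and allowing an optional `(?:\?[^"]*)?` before the closing quote keeps the match on the path only.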