selfhosted/fail2ban/filter.d/nginx-429.conf

[Definition]
# JSON access log with x_forwarded_for preferred, else remote_addr
failregex = ^.*"x_forwarded_for":"<HOST>(?:, [^"]+)?".*"status":429.*$
            ^.*"remote_addr":"<HOST>".*"status":429.*$

ignoreregex = ^.*"request_uri":"\/(?:stub_status|health\/system|health\/worker|pgadmin4(?:\/|$)|\.well-known\/acme-challenge\/|.*\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))".*$