Fail2Ban + Cloudflare
When protecting a server fail2ban is a great tool for the job. It reads log files and bans IPs that show signs of malicious activity. There is a lot of support for and it can integrate well with other applications.
How I Use it
I use CloudFlare on all my sites. This means that when you connect to any of my sites, you connect to cloudflare then CloudFlare connects to my site. Because of this, I have an rule in nginx (which I added a the bottom) that blocks any connections that attempt to connect directly to my server. I decided to increase the protection that I had on my server by creating a filter in fail2ban. I made it so connections are blocked for 5 minutes if the connection is made from an IP that is not from CloudFlare.
1#Allow Cloudflare IPs 2#Retrieved from https://www.cloudflare.com/ips/ 3allow 188.8.131.52/20; 4allow 184.108.40.206/22; 5allow 220.127.116.11/22; 6allow 18.104.22.168/22; 7allow 22.214.171.124/18; 8allow 126.96.36.199/18; 9allow 188.8.131.52/20; 10allow 184.108.40.206/20; 11allow 220.127.116.11/22; 12allow 18.104.22.168/17; 13allow 22.214.171.124/15; 14allow 126.96.36.199/12; 15allow 188.8.131.52/13; 16allow 184.108.40.206/22; 17allow 2400:cb00::/32; 18allow 2606:4700::/32; 19allow 2803:f800::/32; 20allow 2405:b500::/32; 21allow 2405:8100::/32; 22allow 2a06:98c0::/29; 23allow 2c0f:f248::/32; 24 25#Block all other IPs from connecting 26deny all;