mitchellkrogza / nginx-ultimate-bad-bot-blocker

Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

[INSTALLATION] Fail2ban/crowdsec and their interaction with this project, worth it?

maxdd opened this issue · comments

Hello,
This is not really an installation issue per se, but more like a question about the synergy between tools such as fail2ban and crowdsec.
My understanding was that nginx ultimate bad bot blocker also contains a list of IPs which are somewhat up-to-date. Is that the case, or is the main intention of the tool to reject attacks mainly based on patterns/UA and leave the bad IPs as a secondary feature?

Are fail2ban/crowdsec then overkill against nginx logs?

@maxdd - I always used UBBB with fail2ban (which was already detecting & blocking clients who generated too many bad 40x's)

  • I think the proper place for rate limiting requests is in the firewall (all web clients should behave nicely)

  • I prefer nftables firewalls as it's a single config for ipv4 / ipv6 & ipset functionality is built in.

  • Blocking bad IPs in ipsets at the nftables ingress level hook is a good choice for performance (i.e. before packets traverse connection tracking & before prerouting) - requires kernel 5.10+ & nftables 0.9.7+
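
The ingress-hook blocklist described in the reply above, as an added example that is not part of the thread or of the project: a Python helper that validates a mixed IPv4/IPv6 blocklist, merges overlapping ranges, and renders a single `inet` table with an ingress chain. The table name `badips`, the set names `bad4`/`bad6`, the device `eth0` and the sample addresses are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample blocklist (documentation address ranges only).
SAMPLE = [
    "192.0.2.0/25", "192.0.2.128/25",  # adjacent halves, merge into one /24
    "192.0.2.10",                      # already covered by the /24
    "198.51.100.7  # single host",
    "2001:db8::/32", "2001:db8:1::1",
    "not-an-ip", "192.0.2.77/24",      # invalid: garbage, host bits set
]

def split_and_collapse(entries):
    """Validate entries, split by IP version, merge overlapping networks."""
    nets, rejected = {4: [], 6: []}, []
    for raw in entries:
        text = raw.split("#", 1)[0].strip()   # allow trailing comments
        if not text:
            continue
        try:
            net = ipaddress.ip_network(text)  # strict: host bits must be zero
        except ValueError:
            rejected.append(raw)              # never widen or guess a bad entry
            continue
        nets[net.version].append(net)
    # Overlapping elements in an interval set can be refused by nft: collapse.
    return (list(ipaddress.collapse_addresses(nets[4])),
            list(ipaddress.collapse_addresses(nets[6])), rejected)

def _set_block(name, addr_type, nets):
    lines = [f"    set {name} {{", f"        type {addr_type}",
             "        flags interval"]
    if nets:  # an empty "elements = { }" is a syntax error, so omit it
        elems = ", ".join(str(n) for n in nets)
        lines.append(f"        elements = {{ {elems} }}")
    return lines + ["    }"]

def render_ruleset(entries, device="eth0"):
    # Returns (ruleset text, rejected entries). Names here are hypothetical.
    v4, v6, rejected = split_and_collapse(entries)
    out = ["table inet badips {"]
    out += _set_block("bad4", "ipv4_addr", v4) + _set_block("bad6", "ipv6_addr", v6)
    out += [
        "    chain ingress {",
        f'        type filter hook ingress device "{device}" priority -500; policy accept;',
        "        ip saddr @bad4 drop",
        "        ip6 saddr @bad6 drop",
        "    }", "}",
    ]
    return "\n".join(out) + "\n", rejected

if __name__ == "__main__":
    print(render_ruleset(SAMPLE)[0])
```

Review the rejected entries before loading the generated text with `nft -f`; a dropped source address at ingress produces no nginx log line, so fail2ban will no longer see that client.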