diff --git a/services/nginx.nix b/services/nginx.nix
index b0f9b2e..aeeb7dd 100644
--- a/services/nginx.nix
+++ b/services/nginx.nix
@@ -48,4 +48,16 @@
     after = [ "network-online.target" ];
     wants = [ "network-online.target" ];
   };
+
+  services.fail2ban.jails.apache-badbots =
+    lib.mkIf config.services.fail2ban.enable {
+      settings = {
+        enabled = true;
+        port = "http,https";
+        filter = "apache-badbots";
+        logpath = "/var/log/nginx/access.log";
+        maxretry = 1;
+        bantime = "72h";
+      };
+    };
 }