Story

I built nginx-defender after repeatedly seeing small and mid-sized NGINX servers get hammered by automated abuse (credential stuffing, path probing, aggressive scraping).

Existing tools like fail2ban or CrowdSec felt either too slow to react, too heavy for low resource servers, or painful to tune for modern traffic patterns.

nginx-defender runs inline with NGINX and blocks abusive IPs in real time based on request behavior rather than static rules. It’s designed to be lightweight, simple to deploy, and usable on small VPS setups.

I’ve been running it on my own servers and have seen thousands of abusive requests blocked within hours with minimal overhead.

Would love feedback from people running NGINX in production, especially on detection logic, false positives, or missing use cases.