fail2ban

I’m familiar with f2b. I even have several clients licensed with the commercial version but it doesn’t fit this use case as there’s no logon failure for it to work with.

I automatically ban any IP that comes from outside the US because there’s literally no reason for anyone outside the US to make requests to my infra.

I have systems setup with geo-blocking but it’s of limited use due to the prevalence of VPNs.

also, use a WAF on a NAT to expose your apps.

This isn’t a solution either because a WAF has no way to know what traffic is bad so it doesn’t know what to block.