Правило fail2ban не работает, когда запрос от атаки грубой силы

У меня есть ситуация, когда некоторые IP-адреса из Молдовы пытаются каждый день обнаруживать мои базовые учетные данные с помощью какого-либо типа атаки грубой силы.

Однако у меня есть правило с fail2ban, которое должно избегать этой ситуации. И это работает, когда я пытаюсь использовать VPN.

Пример запроса, запускающего fail2ban после трех попыток. Мои просьбы

2016/07/14 15:10:54 [error] 13937#0: *55700 user "engineer" was not found in "/usr/local/nginx/.htpasswd", client: 146.185.31.214, server: localhost, request: "GET / HTTP/1.1", host: "www.mysite.pt"

Проблема в том, что запрос с IP-адреса хакера не запускает fail2ban, и я не знаю почему. Единственная разница - это referrer: как вы видете.

2016/07/14 01:54:31 [error] 13913#0: *42558 user "engineer" was not found in "/usr/local/nginx/.htpasswd", client: 194.28.112.51, server: localhost, request: "GET / HTTP/1.1", host: "www.mysite.pt", referrer: "http://www.mysite.pt/

/etc/fail2ban/filter.d/nginx-http-auth.conf

[Definition]


failregex = ^ \[error\] \d+#\d+: \*\d+ user "\S+":? (password mismatch|was not found in ".*"), client: <HOST>, server: \S+, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"\s*$
            ^ \[error\] \d+#\d+: \*\d+ no user/password was provided for basic authentication, client: <HOST>, server: \S+, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"\s*$

ignoreregex =

[nginx-http-auth]

enabled = true
filter  = nginx-http-auth
port    = http,https
logpath = /usr/local/nginx/localhost-error.log
maxretry = 3

Возникает вопрос, почему мои запросы активируют правило, а запросы злоумышленника - нет?

Выдержка из журнала:

2016/07/14 01:54:27 [error] 13917#0: *42529 user "mts" was not found in "/usr/local/nginx/.htpasswd", client: 194.28.112.51, server: localhost,  request: "GET / HTTP/1.1", host: "www.mysite.pt", referrer: "http://www.mysite.pt/"
2016/07/14 01:54:27 [error] 13917#0: *42530 user "mts" was not found in "/usr/local/nginx/.htpasswd", client: 194.28.112.51, server: localhost, request: "GET / HTTP/1.1", host: "www.mysite.pt", referrer: "http://www.mysite.pt/"
2016/07/14 01:54:28 [error] 13917#0: *42531 user "telecomadmin" was not found in "/usr/local/nginx/.htpasswd", client: 194.28.112.51, server: localhost, request: "GET / HTTP/1.1", host: "www.mysite.pt", referrer: "http://www.mysite.pt/"
2016/07/14 01:54:28 [error] 13917#0: *42532 user "telecomadmin" was not found in "/usr/local/nginx/.htpasswd", client: 194.28.112.51, server: localhost, request: "GET / HTTP/1.1", host: "www.mysite.pt", referrer: "http://www.mysite.pt/"
2016/07/14 01:54:28 [error] 13917#0: *42533 user "mgts" was not found in "/usr/local/nginx/.htpasswd", client: 194.28.112.51, server: localhost, request: "GET / HTTP/1.1", host: "www.mysite.pt", referrer: "http://www.mysite.pt/"
2016/07/14 01:54:28 [error] 13917#0: *42534 user "mgts" was not found in "/usr/local/nginx/.htpasswd", client: 194.28.112.51, server: localhost, request: "GET / HTTP/1.1", host: "www.mysite.pt", referrer: "http://www.mysite.pt/"
2016/07/14 01:54:28 [error] 13917#0: *42535 user "admin" was not found in "/usr/local/nginx/.htpasswd", client: 194.28.112.51, server: localhost, request: "GET / HTTP/1.1", host: "www.mysite.pt", referrer: "http://www.mysite.pt/"
2016/07/14 01:54:28 [error] 13917#0: *42536 user "admin" was not found in "/usr/local/nginx/.htpasswd", client: 194.28.112.51, server: localhost, request: "GET / HTTP/1.1", host: "www.mysite.pt", referrer: "http://www.mysite.pt/"
2016/07/14 01:54:29 [error] 13917#0: *42539 user "kyivstar" was not found in "/usr/local/nginx/.htpasswd", client: 194.28.112.51, server: localhost, request: "GET / HTTP/1.1", host: "www.mysite.pt", referrer: "http://www.mysite.pt/"