@mrjoli021 Just getting back on this topic, here is my config:
/etc/fail2ban/jail.local:
[gitlab]
enabled = true
port = http,https
filter = gitlab
logpath = /var/log/gitlab/gitlab-rails/production_json.log
maxretry = 3
/etc/fail2ban/filter.d/gitlab.conf:
[Definition]
#failregex = ^Started .* for <HOST> at .*<SKIPLINES>Completed 401 Unauthorized
failregex = ^{"method":"POST","path":"\/users\/sign_in",[a-zA-Z:,"]+,"status":0.*"remote_ip":"<HOST>",
ignoreregex =
this works for Gitlab 13.x anyway.