diff --git a/common/fragments/fail2ban.nix b/common/fragments/fail2ban.nix
index 52cd9ea..1aeb54c 100644
--- a/common/fragments/fail2ban.nix
+++ b/common/fragments/fail2ban.nix
@@ -1,9 +1,28 @@
 { config, pkgs, ... }: {
   services.fail2ban = {
     enable = true;
-    maxretry = 5;
+    maxretry = 10;
     ignoreIP =
       [ "127.0.0.0/8" "10.0.0.0/8" "192.168.0.0/16" "78.94.116.222" ];
     bantime-increment.enable = true;
+
+    jails = {
+      nginx-bad-request = ''
+        enabled = true
+        action = iptables[type=allports]
+      '';
+      grafana = ''
+        enabled = true
+        action = iptables[type=allports]
+      '';
+    };
   };
+
+  # Workaround for nginx-bad-request not being included
+  environment.etc."fail2ban/filter.d/nginx-bad-request.conf".source =
+    pkgs.fetchurl {
+      url =
+        "https://raw.githubusercontent.com/fail2ban/fail2ban/master/config/filter.d/nginx-bad-request.conf";
+      sha256 = "sha256-fCxNQpN+IAY+2kfeOmunmtipxTjS0gHauTBIKiCtjDY=";
+    };
 }
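Review bot: The fetchurl in the new `environment.etc."fail2ban/filter.d/nginx-bad-request.conf"` block points at the moving `master` ref of fail2ban while pinning a fixed `sha256`, so the hash protects against tampering but the next upstream edit to that file turns into an unexplained hash-mismatch build failure, and nothing records which revision the hash actually corresponds to. Pin the URL to a tag or commit instead, e.g. `url = "https://raw.githubusercontent.com/fail2ban/fail2ban/<release-tag-or-commit>/config/filter.d/nginx-bad-request.conf";`, and extend the comment above it to name that revision so a later reader can re-verify the hash. Separately, the two new jails set only `enabled` and `action`, so `logpath`, `port` and `backend` are inherited from whatever fail2ban's bundled `jail.conf` provides; on NixOS Grafana typically logs to the journal rather than a file, so the `grafana` jail may need `backend = systemd` to start at all, which is worth confirming with `fail2ban-client status grafana` after deploy.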