diff --git a/docs/fail2ban.md b/docs/fail2ban.md
index 4f315c70549c39208d8c0640623ccc93493454e8..fa6fcb338a33cb1ebe51863be2c9162d80022d99 100644
--- a/docs/fail2ban.md
+++ b/docs/fail2ban.md
@@ -33,3 +33,9 @@ Add `fail2ban_jails` dict with `postfix: true` to the host's `host_vars`.
 The dovecot jail is enabled for our mail server, blocking failed logins. Adding it to a host:
 
 Add `fail2ban_jails` dict with `dovecot: true` to the host's `host_vars`.
+
+### nginx_limit_req
+
+The nginx_limit_req jail is not enabled on any server. This jail bans IPs based repeated errors on nginx error log. Default blocking is 1 hour(s). Adding to a host:
+
+Add `fail2ban_jails` dict with `nginx_limit_req: true` to the host's `host_vars`.
diff --git a/roles/fail2ban/defaults/main.yml b/roles/fail2ban/defaults/main.yml
index 003ddc95b65a4843bbd64624258bebea59a1a5b7..da6f19cd3b38b865635f6ffa7c88fa59d139004e 100644
--- a/roles/fail2ban/defaults/main.yml
+++ b/roles/fail2ban/defaults/main.yml
@@ -4,6 +4,7 @@ fail2ban_jails:
   sshd: false
   postfix: false
   dovecot: false
+  nginx_limit_req: false
 
 # use variables for these directives so they can be overridden at a host or
 # group level as required. note that there cannot be a space between the
diff --git a/roles/fail2ban/tasks/main.yml b/roles/fail2ban/tasks/main.yml
index 2955386f5239886418f6aebe4571b15bf9918602..fa8d7607a5f44c103166408ac67dbd2a8019c7d8 100644
--- a/roles/fail2ban/tasks/main.yml
+++ b/roles/fail2ban/tasks/main.yml
@@ -77,6 +77,17 @@
   notify:
     - reload fail2ban jails
 
+- name: install nginx-limit-req jail
+  when: fail2ban_jails.nginx_limit_req
+  template:
+    src: "nginx-limit-req.jail.j2"
+    dest: "/etc/fail2ban/jail.d/nginx-limit-req.local"
+    owner: "root"
+    group: "root"
+    mode: 0644
+  notify:
+    - reload fail2ban jails
+
 - name: start and enable service
   systemd:
     name: "fail2ban.service"
diff --git a/roles/fail2ban/templates/nginx-limit-req.jail.j2 b/roles/fail2ban/templates/nginx-limit-req.jail.j2
new file mode 100644
index 0000000000000000000000000000000000000000..63a6ad37df971b4aa6bd0cf28f42fb5dfd0082a6
--- /dev/null
+++ b/roles/fail2ban/templates/nginx-limit-req.jail.j2
@@ -0,0 +1,13 @@
+#
+# {{ansible_managed}}
+#
+
+[nginx-limit-req]
+
+enabled = true
+filter = nginx-limit-req
+action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
+logpath = /var/log/nginx/*/error.log
+findtime = 5min
+bantime = 1hours
+maxretry = 10
\ No newline at end of file