Dmitry, 2015-06-29 10:53:04
linux

How do I correctly configure Fail2Ban for HTTP (DDoS) protection?

The essence of the problem is that an attack periodically occurs on a server hosting a large number of sites (whether it is deliberate or Google search robots, I have not yet been able to work out).
When I run the following command over SSH during the attack (the server is almost completely hung):

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

I see output like this:
1 54.165.102.64
1 54.169.129.166
2 93.66.16.249
3 203.162.2.92
4 179.61.8.3
5 171.98.170.157
5 213.14.12.67
6 91.98.235.122
9 121.134.16.228
9 37.17.4.47
13 0.0.0.0
20
262 185.62.188.91
As you can see, the last IP, 118.148.168.30, has 262 connections to the server, and it is this one that hangs it. When I block it manually with the command:
iptables -I INPUT -s 185.62.188.91 -j DROP

after a couple of minutes the server returns to normal operation, until a similar attack starts from another IP (in a few hours, a day, or a month).
To automate banning such IPs, I installed the fail2ban utility and configured it following articles from the Internet, adding the following to jail.conf:
[apache-ddos]
enabled  = true
filter   = apache-ddos
action   = iptables-multiport[name=ddos, port="http,https"]
           sendmail-buffered[name=ddos, lines=5, dest=root]
logpath  = /var/www/vhosts/domain.com/statistics/logs/access_log
           /var/www/vhosts/wp.domain.com/statistics/logs/access_log
           /var/log/apache*/*access.log
bantime  = 43200
findtime = 600
maxretry = 60
ignoreregex = \.(jpg|jpeg|png|gif|js|css)

Naturally I restarted fail2ban after the changes, but for some reason this still does not automatically block all such IPs (some are blocked, some are not). What did I set up wrong, and how should it be set up correctly?
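The jail above bans an address only when the apache-ddos filter has matched at least maxretry (60) log lines from it inside any findtime (600 s) window; a client that spreads its requests thinner than that is never banned, and an IP whose lines are dropped by ignoreregex is never counted. Two further points a practitioner should check: the filter file the jail refers to is not shown in the question, so run fail2ban-regex against the access log to confirm it actually matches, and remember that Apache writes an access_log line only when a request has completed, so a client that holds 262 connections open without finishing requests produces nothing for a log-based jail to count. The script below is an added example, not code from the question or from fail2ban: it re-implements the jail's sliding-window counting over a constructed access_log and writes an assumed filter definition (the "combined" log format, a same-month timestamp simplification and the three sample clients are all assumptions, not data from the post).

```bash
#!/usr/bin/env bash
# Added example, not code from the question or from fail2ban: a stand-alone
# re-implementation of the counting that the [apache-ddos] jail performs, so the
# findtime/maxretry thresholds can be checked against a log without fail2ban.
# Assumptions (hypothetical): Apache "combined" log format; all sample lines fall
# in the same month, so only day/hour/minute/second are used for the window.
set -eu

# Filter definition the jail refers to as "filter = apache-ddos" (the question does
# not show it). Every logged request counts as a "failure"; <HOST> is fail2ban's
# placeholder for the client address. This is an assumed filter written for the
# example, not one shipped with fail2ban; test it with:
#   fail2ban-regex /path/to/access_log /path/to/apache-ddos.conf
write_filter() {
  cat > "$1" <<'EOF'
[Definition]
failregex = ^<HOST> -.*"(GET|POST|HEAD) .*"
ignoreregex = \.(jpg|jpeg|png|gif|js|css)
EOF
}

# Build a timestamp like 29/Jun/2015:10:40:00 +0300 from seconds since midnight.
stamp() {
  printf '29/Jun/2015:%02d:%02d:%02d +0300' $(( $1 / 3600 )) $(( $1 % 3600 / 60 )) $(( $1 % 60 ))
}

# Constructed sample log (not real traffic): three clients.
#  185.62.188.91  65 POSTs to /wp-login.php in 65 s   -> reaches maxretry=60 inside findtime=600
#  93.66.16.249   100 GETs of a .png                   -> dropped by ignoreregex
#  203.162.2.92   70 GETs, one every 20 s (23 min)     -> at most 31 in any 600 s window
make_sample_log() {
  local i base=$(( 10 * 3600 + 40 * 60 ))
  {
    for i in $(seq 0 64); do
      printf '185.62.188.91 - - [%s] "POST /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"\n' "$(stamp $(( base + i )))"
    done
    for i in $(seq 0 99); do
      printf '93.66.16.249 - - [%s] "GET /img/logo.png HTTP/1.1" 200 5678 "-" "Mozilla/5.0"\n' "$(stamp $(( base + i )))"
    done
    for i in $(seq 0 69); do
      printf '203.162.2.92 - - [%s] "GET /index.html HTTP/1.1" 200 8901 "-" "Mozilla/5.0"\n' "$(stamp $(( base + 20 * i )))"
    done
  } > "$1"
}

# count_offenders LOGFILE FINDTIME MAXRETRY
# Prints "ip hits" for every client that reached MAXRETRY counted requests inside a
# sliding FINDTIME-second window, which is the condition under which fail2ban bans.
count_offenders() {
  awk -v findtime="$2" -v maxretry="$3" '
    function to_secs(s,  p) {            # 29/Jun/2015:10:40:00 -> seconds (month ignored)
      split(s, p, "[/:]")
      return p[1] * 86400 + p[4] * 3600 + p[5] * 60 + p[6]
    }
    $7 ~ /\.(jpg|jpeg|png|gif|js|css)([?]|$)/ { next }   # same assets the jail ignores
    {
      ip = $1
      t = to_secs(substr($4, 2))         # $4 is "[29/Jun/2015:10:40:00"; strip the "["
      if (!(ip in head)) head[ip] = 1
      ts[ip, ++tail[ip]] = t
      while (ts[ip, head[ip]] < t - findtime) head[ip]++   # expire hits older than findtime
      hits = tail[ip] - head[ip] + 1
      if (hits >= maxretry && !(ip in banned)) banned[ip] = hits
    }
    END { for (ip in banned) print ip, banned[ip] }
  ' "$1" | sort
}

# Stand-alone run: build the sample log and show who the jail would ban.
demo() {
  local dir
  dir=$(mktemp -d)
  write_filter "$dir/apache-ddos.conf"
  make_sample_log "$dir/access_log"
  count_offenders "$dir/access_log" 600 60
  rm -rf "$dir"
}

demo
```

With the jail's own thresholds only 185.62.188.91 is reported; 203.162.2.92 sends 70 requests but never more than 31 inside any 600 s window, which is exactly the "some are blocked, some are not" behaviour, and 93.66.16.249 is invisible to the jail because every one of its lines matches ignoreregex. Lowering maxretry or raising findtime changes who gets caught; lowering findtime to 60 s catches nobody in this sample.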


2 answer(s)
Azazel PW, 2015-06-29
@DedalX

Limit the number of connections from one IP address. This can be done via iptables.
www.cyberciti.biz/faq/iptables-connection-limits-howto
/sbin/iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 5 -j REJECT --reject-with tcp-reset
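The connlimit rule in the answer above works on live connections rather than log lines, so it also catches a client that holds many connections open without completing requests. A rule can only be removed with -D by repeating exactly the match specification it was added with, so the script below, an added example that is not part of the original answer, keeps that specification in one function and exposes add, check (-C) and delete. The IPTABLES variable is a hypothetical dry-run hook invented for the example: by default the command is printed instead of executed, so the script runs without root; set IPTABLES=/sbin/iptables to apply it for real.

```bash
#!/usr/bin/env bash
# Added example, not part of the original answer: one helper that adds, checks and
# removes the connlimit rule with an identical match specification, because a rule
# can only be deleted (-D) by repeating exactly the spec it was added with.
# IPTABLES is a hypothetical dry-run hook: it defaults to printing the command so the
# script runs without root; set IPTABLES=/sbin/iptables to apply it for real.
set -eu

print_only() { printf '%s\n' "$*"; }
IPTABLES="${IPTABLES:-print_only}"

# connlimit_rule add|check|del [PORT] [LIMIT]
# Rejects new (SYN) connections to PORT from one source address once that address
# already holds more than LIMIT connections; established flows are left alone.
connlimit_rule() {
  local op="$1" port="${2:-80}" limit="${3:-5}" flag
  case "$op" in
    add)   flag=-I ;;   # insert at the top of INPUT so it runs before any ACCEPT rule
    check) flag=-C ;;   # exit 0 if an identical rule exists, 1 otherwise
    del)   flag=-D ;;   # remove the one rule that matches the spec exactly
    *)     echo "usage: connlimit_rule add|check|del [port] [limit]" >&2; return 2 ;;
  esac
  "$IPTABLES" "$flag" INPUT -p tcp --syn --dport "$port" \
    -m connlimit --connlimit-above "$limit" --connlimit-mask 32 \
    -j REJECT --reject-with tcp-reset
}

# Stand-alone run (dry run unless IPTABLES is set): the rule from the answer,
# followed by the exact command that cancels it again.
connlimit_rule add 80 5
connlimit_rule del 80 5
```

To see what is currently loaded in a form that can be pasted straight back into -D, use iptables -S INPUT (or iptables -L INPUT -n --line-numbers and delete by number). Rules added this way live only in the running kernel and are gone after a reboot unless saved with iptables-save.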

bukass, 2015-06-29
@bukass

And how do you cancel (just in case) the command you specified above?

Do not upload.
