Nginx

Is it possible to make a decrement rule in Fail2ban? Or alternative tool on ubuntu?

The essence of the problem.

we need a tool that, based on the nginx log, will be able to detect agents that request only text / html and do not pull up img | css | js and send them to the ban

There is Nginx, which will pour into the log when the rate is exceeded.

location = / {
limit_req_zone $binary_remote_addr zone=one:10m rate=2r/s;
}

(just an example on VP)
There is a rule for nginx by tim

[nginx-req-limit]
enabled = true
filter = nginx-req-limit
action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
logpath = /var/log/nginx/*error .log #path to nginx log
findtime = 600 # look for entries in the log for 600 seconds
bantime = 7200 #time to ban hop
maxretry = 10 # hop allowed attempts (such entries in the log for the time interval specified in findite)

Well

Limit ban filter
/nginx-req-limit.conf
[Definition]
failregex = ^\s*\[error\] \d+#\d+: \*\d+ limiting requests, excess: [\d\.]+ by zone "[^"]+", client:
ignoreregex=

But!
The condition is necessary:
​​If the user exceeds the rate for requests to html \ php pages, but he also pulls css, js, etc. - do not ban him.
If the user exceeds the rate only by pulling html - ban with a failtube