Ghost Docker fail2ban configuration to block traffic from script kiddies & botnets?

Somebody is hitting my blog with HEAD requests for a list of non-existent security holes (scanning for tarballs, SQL dumps, and such in various “backup”, and “old” directories). So far the number of requests is low, but I don’t like using up my memory and bandwidth on low-effort attacks like this.

So I have a question for others self-hosting Ghost with Docker: what mitigations do you have in place?

I will probably configure fail2ban or something similar. (I’d like to avoid putting my blog back on CloudFlare, if I can avoid it.) But I wanted to check if anyone else has had the same problem, and has a configuration they are willing to share so I don’t have to reinvent the wheel with my limited Docker skills :slight_smile:

Thanks!