Is there any solution that can block ips that are doing scans or calling suspicious urls to the webserver? Something like fail2ban but for scans and funny urls. Currently fail2ban is looking for failed login attempts. Any suggestions? I hope I am using the correct terms.
Fail2ban has lots of jails for different purposes, more jails can be found to download and it is possible to make jail yourself and get it to filter based on criteria you want. For example several apache-* filters come with fail2ban at least on Debian 10.
Crowdsec is somewhat of a "next generation" fail2ban you could look at, it also has configuration to block from web server logs. You could install mod_security and work on setting that up (there are also some commercial security subscriptions which use it if you want to go that route), and whatever it blocks/logs can then feed back to fail2ban/crowdsec. (I'm currently just using fail2ban, but you do need to do some configuring of it as @Taleman mentioned.)
Thank you both for the advice. I will look further into fail2ban and crowdsec. Thank you both again. This has helped me much.
Suspicious activities that you mentioned may be something or probably is nothing, so just do routine security checks of your secured settings, SSL certs, open ports, access logs, keys and you should do just fine. Most of the times, there is nothing more you could do in hardening the security, but culturing good server monitoring and governance always have rooms for improvement.
