diff --git a/addons/fail2ban/jail.local.snippet b/addons/fail2ban/jail.local.snippet
new file mode 100644
index 0000000..41f6547
--- /dev/null
+++ b/addons/fail2ban/jail.local.snippet
@@ -0,0 +1,8 @@
+[easyengine-nginx-req-limit]
+enabled = true
+filter = easyengine-nginx-req-limit
+action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
+logpath = /opt/easyengine/sites/*/logs/nginx/error.log
+findtime = 600
+bantime = 86400
+maxretry = 5
diff --git a/addons/fail2ban/rtcamp-nginx-req-limit.conf b/addons/fail2ban/rtcamp-nginx-req-limit.conf
new file mode 100644
index 0000000..a84d7cc
--- /dev/null
+++ b/addons/fail2ban/rtcamp-nginx-req-limit.conf
@@ -0,0 +1,13 @@
+# Fail2Ban configuration file
+#
+# supports: ngx_http_limit_req_module module
+
+[Definition]
+
+failregex = limiting requests, excess:.* by zone.*client:
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
diff --git a/functions b/functions
index 3fb67d2..368dd8e 100644
--- a/functions
+++ b/functions
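Review bot: The jail's `filter = easyengine-nginx-req-limit` in jail.local.snippet does not match the filter file added in this same commit, `rtcamp-nginx-req-limit.conf`, which `install_fail2ban` writes to /etc/fail2ban/filter.d/ under the rtcamp name; fail2ban resolves a filter by its file name, so this jail would fail to load when the service is restarted. Either set `filter = rtcamp-nginx-req-limit` or rename the filter file to match. The `logpath` glob also matches nothing on a fresh install where no site exists yet, which fail2ban may treat as a configuration error, and sites created later are presumably not picked up until a reload. A 24-hour `bantime` after five rate-limit hits can lock out clients behind shared NAT or a proxy, so an `ignoreip` entry for trusted ranges is worth documenting next to it.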
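Review bot: As displayed, `failregex` in rtcamp-nginx-req-limit.conf ends at `client:` with no `<HOST>` token, and fail2ban needs that token to know which address to ban; it may have been stripped when the page was rendered, so confirm it is present in the committed file. The pattern is also unanchored and uses a greedy `.*` before `client:`, while the nginx error line carries request-controlled fields after the client address, so text supplied in a request could be matched as the client and an unrelated address banned. I would anchor on the fixed part of the message, for example `limiting requests, excess: [\d.]+ by zone "[^"]+", client: <HOST>,`, so that only the address nginx itself logged is captured.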
@@ -306,3 +306,28 @@ function pull_easyengine_images() {
 ee_log_info1 "Pulling EasyEngine docker images"
 "$EE4_BINARY" cli info
 }
+
+function install_addons() {
+ install_fail2ban
+}
+
+function install_fail2ban() {
+
+ if ! command -v lsb_release >/dev/null 2>&1; then
+ return
+ fi
+ # Only configure fail2ban if Ubuntu/Debain distro is detected.
+ distro=$(lsb_release -i | cut -d: -f2 | sed s/'^\t'//)
+ if [[ 'Ubuntu' == "$distro" ]] || [[ 'Debian' == "$distro" ]]; then
+ # Check if fail2ban exists. If not install it.
+ if ! command -v fail2ban >/dev/null 2>&1; then
+ ee_log_info1 "Installing fail2ban"
+ apt install fail2ban -y
+ wget -O /etc/fail2ban/filter.d/rtcamp-nginx-req-limit.conf https://raw.githubusercontent.com/EasyEngine/installer/master/addons/fail2ban/rtcamp-nginx-req-limit.conf
+ cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
+ wget -O - https://raw.githubusercontent.com/EasyEngine/installer/master/addons/fail2ban/jail.local.snippet >> /etc/fail2ban/jail.local
+ service fail2ban restart
+ ee_log_info1 "fail2ban configured"
+ fi
+ fi
+}
diff --git a/setup.sh b/setup.sh
index 47a0b3b..c4ae3c6 100644
--- a/setup.sh
+++ b/setup.sh
@@ -42,6 +42,8 @@ function do_install() {
 download_and_install_easyengine
 ee_log_info1 "Pulling EasyEngine docker images"
 pull_easyengine_images
+ ee_log_info1 "Installing addons"
+ install_addons
 ee_log_info1 "Run \"ee help site\" for more information on how to create a site."
 }
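Review bot: In `install_fail2ban`, the guard `command -v fail2ban` will not detect an existing install, because the Debian/Ubuntu package ships `fail2ban-client` and `fail2ban-server` rather than a `fail2ban` binary; every run therefore re-enters the block, and `cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local` overwrites any jail.local the administrator already maintains. The two `wget` calls pull root-owned configuration from the moving `master` branch with no exit-status check, so a failed or changed download is written into /etc/fail2ban and the service is restarted regardless. I would test for `fail2ban-client`, fetch from a pinned tag or commit into a temporary directory, install the jail as a drop-in under /etc/fail2ban/jail.d/ instead of copying jail.conf, and restart only when both downloads succeed. The comment typo `Debain` should read `Debian`, and `distro` should be declared `local`.

```shell
function install_fail2ban() {
    # … unchanged: lsb_release check, distro detection and Ubuntu/Debian test …
        if ! command -v fail2ban-client >/dev/null 2>&1; then
            ee_log_info1 "Installing fail2ban"
            apt-get install -y fail2ban || return 1
            # Pin the ref so the fetched config matches the installer version being run.
            local base="https://raw.githubusercontent.com/EasyEngine/installer/<PINNED_TAG_OR_COMMIT>/addons/fail2ban"
            local tmp
            tmp=$(mktemp -d) || return 1
            if wget -q -O "$tmp/filter.conf" "$base/rtcamp-nginx-req-limit.conf" &&
               wget -q -O "$tmp/jail.conf" "$base/jail.local.snippet"; then
                install -m 0644 "$tmp/filter.conf" /etc/fail2ban/filter.d/rtcamp-nginx-req-limit.conf
                # Drop-in file: leaves jail.conf and any existing jail.local untouched.
                install -m 0644 "$tmp/jail.conf" /etc/fail2ban/jail.d/easyengine.local
                service fail2ban restart
                ee_log_info1 "fail2ban configured"
            fi
            rm -rf -- "$tmp"
        fi
    # … unchanged: closing of the distro test …
```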