fail2ban 找到匹配项，但没有禁止

我在 CentOS 7 上使用 fail2ban 0.9.7 以及 Apache 反向代理，试图禁止尝试作为开放代理访问我的服务器的机器人，例如：

221.8.179.164 - - [10/Jun/2019:22:04:19 +0200] "CONNECT auth.riotgames.com:443 HTTP/1.1" 405 235 "-" "Mozilla/5.0 (Windows NT 6.1; rv:27.0) Gecko/20100101 Firefox/27.0"

ProxyRequests尽管已关闭，其中一些请求仍因某种原因返回 200 。

这是我的配置：

apache-badhosts.conf

[Definition]
failregex = ^<HOST> - -.*"(GET|POST|HEAD|CONNECT).*(bad_host_1|bad_host_2|bad_host_3).*"$

ignoreregex =

监狱配置文件

[apache-badhosts]
port     = http,https
# I made sure this is the proper path
logpath  = /var/log/httpd/access_log
bantime  = 172800
maxretry = 1
enabled  = true

结果如下fail2ban-regex：

user@host /e/fail2ban> sudo fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-badhosts.conf

Running tests
=============

Use   failregex filter file : apache-badhosts, basedir: /etc/fail2ban
Use         log file : /var/log/httpd/access_log
Use         encoding : UTF-8


Results
=======

Failregex: 10797 total
|-  #) [# of hits] regular expression
|   1) [10797] ^<HOST> - -.*"(GET|POST|HEAD|CONNECT).*(bad_host_1|bad_host_2|bad_host_3).*"$
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [13813] Day(?P<_sep>[-/])MON(?P=_sep)Year[ :]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?
`-

Lines: 13813 lines, 0 ignored, 10797 matched, 3016 missed
[processed in 2.44 sec]

fail2ban.log

日志几乎是空的，仅显示sshd禁令。

为什么 fail2ban 没有禁止 IP，尽管它使用上面的正则表达式找到了匹配项？