diff --git a/scripts/upgrade b/scripts/upgrade
index 6f57ad0..7437bfb 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -170,6 +170,12 @@ set_permissions
 # reconfigure application with latest parameters
 sudo -u $app $final_path/cli/reconfigure.php --default_user $admin --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
 
+#=================================================
+# SETUP FAIL2BAN
+#=================================================
+ynh_script_progression --message="Adding fail2ban configuration..."
+ynh_add_fail2ban_config_temp "/var/log/nginx/$domain-access.log" ".* - - .*\/api\/[a-z]*(.php)\/accounts\/ClientLogin\?Email=[a-z]*&Passwd=[a-z]* HTTP.* 401 .*" 12 # 10 retries should be enough to permit some tests with (for instance) an app client
+
 #=================================================
 # SETUP SSOWAT
 #=================================================