I’ve just realized that the default filters installed with fail2ban in Ubuntu GNU/Linux do not help you when you use Digest Authentication with Apache. In order to have the most basic measure against brute force attacks on a web service with digest authentication enabled, you need to modify /etc/fail2ban/filter.d/apache-auth.conf. I have tried the suggestion given at the fail2ban wiki and it seems to work http://www.fail2ban.org/wiki/index.php/Talk:Apache:
Once you add the line above to the apache-auth.conf file, try entering wrong username / password combinations when you are presented with the authentication window, and then check whether fail2ban detects them (I’m assuming your log files are at their usual locations):
$ fail2ban-regex /var/log/apache2/error.log /etc/fail2ban/filter.d/apache-auth.conf
If it returns success and you can see that the relevant IP addresses are matched, then you can restart your fail2ban server and have one more level of protection.
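The check that fail2ban-regex performs can also be reproduced offline. The following is an added example, not code from this post or from the fail2ban wiki: the failregex, the sample log lines and the maxretry value are constructed for illustration, and the `<HOST>` expansion is a simplification of what fail2ban does.

```python
import re
from collections import Counter

# Assumption: illustrative failregex, NOT the line from the fail2ban wiki.
# It targets the "not found" / "password mismatch" messages of mod_auth_digest.
FAILREGEX = (r"\[client <HOST>(?::\d+)?\] (?:AH\d+: )?(?:Digest: )?user .*"
             r"(?:not found|password mismatch)")

# Constructed sample lines in Apache error.log style (documentation IP ranges).
SAMPLE_LOG = """\
[Mon Mar 03 10:15:01 2014] [error] [client 192.0.2.10] Digest: user `admin' in realm `private' not found: /secure/
[Mon Mar 03 10:15:04 2014] [error] [client 192.0.2.10] Digest: user root: password mismatch: /secure/
[Mon Mar 03 10:15:09 2014] [error] [client 198.51.100.7] File does not exist: /var/www/favicon.ico
[Mon Mar 03 10:16:12 2014] [error] [client 203.0.113.5] Digest: user bob: password mismatch: /secure/
[Mon Mar 03 10:16:30 2014] [error] [client 192.0.2.10] Digest: user `test' in realm `private' not found: /secure/
"""

def compile_failregex(failregex):
    """Replace fail2ban's <HOST> tag with a named group (simplified: IPv4/hostname)."""
    return re.compile(failregex.replace("<HOST>", r"(?P<host>[\w.\-]+)"))

def count_failures(log_text, failregex=FAILREGEX):
    """Return a Counter of matched client hosts, similar to a fail2ban-regex summary."""
    pattern = compile_failregex(failregex)
    hits = Counter()
    for line in log_text.splitlines():
        match = pattern.search(line)
        if match:
            hits[match.group("host")] += 1
    return hits

def hosts_to_ban(log_text, maxretry=3):
    """Hosts whose failures reach maxretry (named after the jail option; value assumed)."""
    return sorted(h for h, n in count_failures(log_text).items() if n >= maxretry)

if __name__ == "__main__":
    for host, n in count_failures(SAMPLE_LOG).items():
        print(f"{host}: {n} failed digest logins")
    print("would ban:", hosts_to_ban(SAMPLE_LOG))
```

Unrelated errors such as the "File does not exist" line must not match, otherwise ordinary visitors would be counted towards a ban.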