Install Fail2Ban and look for this option in jail.local
# # HTTP servers # [apache] enabled = true port = http,https filter = apache-auth logpath = /var/log/apache*/*error.log maxretry = 2
Always test by trying to block yourself. A good place to look is
tail -f /var/log/apache2/error.log
&
tail -f /var/log/fail2ban.log