this is already possible with e.g. fail2ban as seen in [1].
It makes no sense to implement such blocking in PHP as e.g. done by Nextcloud. This just brings a false sense of security. Such blocking needs to be done on OS layer and not on Application Layer within PHP for the reasons as e.g. described in [2]