fail2ban regex working but no action being taken
Posted by fpghost on Server Fault
Published on 2014-04-17T09:18:39Z

I have the following snippet of fail2ban configuration on Ubuntu 13.10 server:
#jail.conf
[apache-getphp]
enabled  = true
port     = http,https
filter   = apache-getphp
action   = iptables-multiport[name=apache-getphp, port="http,https", protocol=tcp]
           mail-whois[name=apache-getphp, dest=root]
logpath  = /srv/apache/log/access.log
maxretry = 1
#filter.d/apache-getphp.conf
[Definition]
failregex  = ^<HOST> - - (?:\[[^]]*\] )+\"(GET|POST) /(?i)(PMA|phptest|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|phpmyadmin2|cgi-bin)
ignoreregex =
I know the regex is good, because if I run the test command on my access.log:
fail2ban-regex /srv/apache/log/access.log /etc/fail2ban/filter.d/apache-getphp.conf
I get a SUCCESS result with multiple hits, and in my log I see entries like:
187.192.89.147 - - [13/Apr/2014:11:36:03 +0100] "GET /phpTest/zologize/axa.php HTTP/1.1" 301 585 "-" "-"
187.192.89.147 - - [13/Apr/2014:11:36:03 +0100] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 301 593 "-" "-"
Secondly, I know email is configured correctly, as each time I run service fail2ban restart I get an email for each of the filters stopping/starting.
However, despite all this, no action seems to be taken when one of these requests comes in. No email with whois, and no entries in iptables. What could possibly be preventing fail2ban from taking action?
(Everything looks in order in fail2ban-client -d, and I can see the chains have loaded with iptables -L.)
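To make visible what fail2ban-regex does and does not check, here is an added example (not from the question, and not fail2ban's own code) that expands the <HOST> tag, runs the question's failregex over the two quoted access.log lines, and reports each hit's age against findtime, which the running daemon enforces but the fail2ban-regex test tool never looks at. The <HOST> expansion pattern and the scoped (?i:...) rewrite of the filter are assumptions noted in the comments.

```python
import re
from datetime import datetime, timezone

# Constructed sample input: the two access.log lines quoted in the question.
LOG_LINES = [
    '187.192.89.147 - - [13/Apr/2014:11:36:03 +0100] "GET /phpTest/zologize/axa.php HTTP/1.1" 301 585 "-" "-"',
    '187.192.89.147 - - [13/Apr/2014:11:36:03 +0100] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 301 593 "-" "-"',
]

# The failregex from the question. Its mid-pattern (?i) was fine for the Python 2
# re module fail2ban used then; current Python rejects a global flag there, so the
# same flag is written as a scoped (?i:...) group, which matches identically.
FAILREGEX = (r'^<HOST> - - (?:\[[^]]*\] )+\"(GET|POST) /(?i:PMA|phptest|phpmyadmin|myadmin'
             r'|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|db|pmadb'
             r'|phpmyadmin1|phpmyadmin2|cgi-bin)')

# <HOST> expansion as fail2ban 0.8.x performs it before compiling (assumption:
# reproduced from memory of its filter code, not taken from the page).
HOST_RE = r'(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)'
APACHE_TS = re.compile(r'\[([^\]]+)\]')  # the [dd/Mon/yyyy:HH:MM:SS +zzzz] field
# A fixed "now" so the run is reproducible: four minutes after the sample requests.
REFERENCE_NOW = datetime(2014, 4, 13, 10, 40, 3, tzinfo=timezone.utc)


def compile_failregex(failregex):
    """Expand <HOST> and compile, mirroring fail2ban's preprocessing."""
    return re.compile(failregex.replace('<HOST>', HOST_RE))


def parse_apache_time(line):
    """Turn the bracketed Apache timestamp into a timezone-aware datetime."""
    m = APACHE_TS.search(line)
    if m is None:
        raise ValueError('no timestamp field in: ' + line)
    return datetime.strptime(m.group(1), '%d/%b/%Y:%H:%M:%S %z')


def scan(lines, failregex=FAILREGEX, now=REFERENCE_NOW, findtime=600):
    """Return (host, age_seconds, counted) per matching line.

    Unlike fail2ban-regex, the daemon also requires the failure to be no older
    than findtime (600 s by default); stale matches never reach the action."""
    pattern = compile_failregex(failregex)
    results = []
    for line in lines:
        m = pattern.match(line)
        if m is None:
            continue
        age = int((now - parse_apache_time(line)).total_seconds())
        results.append((m.group('host'), age, age <= findtime))
    return results
```

A match reported by fail2ban-regex with counted=False here is exactly the case where the filter is correct but the daemon has nothing to act on, since it only counts failures newer than findtime from lines appended after it started.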
© Server Fault or respective owner