Skip to content

How to Configure Apache mod_evasive for DoS Protection

DodaTech Updated 2026-06-24 1 min read

mod_evasive protects Apache against denial-of-service attacks by detecting and blocking rapid requests. Threshold tuning prevents false positives. This guide walks through the specific troubleshooting steps to diagnose and resolve mod_evasive issues.

Before You Begin

Before you begin, be sure to have the following in place:

  • A Linux server with the relevant software installed
  • Access to the command line interface
  • Appropriate permissions (root or sudo)

Quick Fix

Wrong

No DoS protection (vulnerable to request floods)

Wrong: No protection against DoS attacks

DOSHashTableSize 3097\nDOSPageCount 5\nDOSSiteCount 50\nDOSPageInterval 2\nDOSSiteInterval 1\nDOSBlockingPeriod 10

Right: mod_evasive with threshold and blocking period

Output

mod_evasive configured:\n  Page limit: 5 hits per 2 seconds\n  Site limit: 50 hits per 1 second\n  Block period: 10 seconds

Prevention

To avoid future issues, follow these best practices:

  • Enable mod_evasive with a2enmod evasive
  • Set DOSPageCount to limit requests to the same page
  • Set DOSSiteCount to limit total requests to the site
  • Set DOSBlockingPeriod long enough to discourage attackers
  • Monitor /var/log/apache2/mod_evasive.log for blocked IPs

DodaTech Tools

For further assistance with any of the above issues, consider using DodaTech consulting services or DodaTech tutorials for more in-depth guidance.

Common Mistakes with mod evasive

  1. Misunderstanding that String is [Char] with poor performance for large text operations
  2. Using foldl instead of foldl' causing stack overflow on large lists
  3. Forgetting deriving (Show, Eq) on custom data types needed for debugging

These mistakes appear frequently in real-world APACHE code. DodaTech's contributors have identified these patterns through analysis of open-source projects and production systems.

Practice Exercise

Write a pure function that safely divides two integers using Maybe, then test it with edge cases like division by zero and negative numbers.

This exercise reinforces the concepts covered in this guide. Try implementing it before checking online solutions.

FAQ

How does mod_evasive detect DoS attacks?|||It tracks request counts per IP for individual pages and the entire site. If thresholds are exceeded, the IP is blocked temporarily.
What is a good DOSPageCount setting? 5 requests to the same page within DOSPageInterval (2 seconds) is a reasonable threshold. Adjust based on your application.

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro