Does anyone have any experience with Apache mod_evasive? I've just installed that to try and mitigate DoS attacks, but it's not working as expected. My config is:
LoadModule evasive20_module lib64/httpd/modules/mod_evasive20.so
As you can see, I've set the SiteCount to 100. I've had it at the default of 50, and tried 10 as well. No matter what I set it to it seems to generate the Blacklist message after some very few accesses. For example, it just blacklisted an IP that shows in the access_log only 9 times and over a 4 second period (not the supposed 1 second as defined by DOSSiteInterval).
As I said, it seems to blacklist with about this number of accesses regardless of what I set the DOSSiteCount to.