As you can see, I've set the SiteCount to 100. I've had it at the default of 50, and tried 10 as well. No matter what I set it to it seems to generate the Blacklist message after some very few accesses. For example, it just blacklisted an IP that shows in the access_log only 9 times and over a 4 second period (not the supposed 1 second as defined by DOSSiteInterval).
LoadModule evasive20_module lib64/httpd/modules/mod_evasive20.so <IfModule mod_evasive20.c> DOSHashTableSize 3097 DOSPageCount 2 DOSSiteCount 100 DOSPageInterval 1 DOSSiteInterval 1 DOSBlockingPeriod 10 DOSEmailNotify firstname.lastname@example.org </IfModule>
From novice to tech pro — start learning today.