AWS, Cloud Computing

3 Mins Read

A Guide to Implementing Rate Limiting with mod_evasive

Voiced by Amazon Polly


In today’s digital age, where web services are integral to business operations, ensuring the availability and security of these services against potential threats has become paramount. One of the most prevalent threats to web service availability is the Denial of Service (DoS) attack, which aims to overwhelm a website with traffic, rendering it inaccessible to legitimate users. To combat this, web administrators must employ robust defense mechanisms. Among the various tools and techniques available, configuring rate limiting on web servers is an effective strategy to mitigate such attacks. Apache, one of the most widely used web servers, offers a module named mod_evasive specifically designed for this purpose.

This blog post aims to provide a comprehensive, step-by-step guide on how to leverage mod_evasive to protect your Apache server from DoS attacks, ensuring that your web services remain available and performant under adversarial conditions.


Configuring Apache to handle high traffic and prevent Denial of Service (DoS) attacks is crucial for maintaining the availability and performance of your web services. One effective tool for this purpose is mod_evasive, an Apache module designed to detect and mitigate excessive requests from a single IP address or range of IP addresses. In this blog post, I’ll guide you through installing, configuring, and testing mod_evasive on your Apache server.

Pioneers in Cloud Consulting & Migration Services

  • Reduced infrastructural costs
  • Accelerated application deployment
Get Started

Step-by-Step Guide

Step 1: Install mod_evasive

On Debian/Ubuntu Systems:

  1. Update your package list:

2. Install mod_evasive:

3. Enable the module (if it’s not automatically enabled):

On CentOS/RHEL Systems:

  1. You may need to add the EPEL repository:

2. Install mod_evasive:

Step 2: Configure mod_evasive

  1. Locate the mod_evasive configuration file. This will typically be found at /etc/apache2/mods-available/evasive.conf on Debian/Ubuntu or /etc/httpd/conf.d/mod_evasive.conf on CentOS/RHEL.
  2. Open the configuration file in your favorite editor (for example, using nano):

3. Configure the directives according to your needs. Here are some common settings:

  • DOSHashTableSize: The size of the hash table for tracking. A larger size can improve performance by spreading out the data. The default is 2048.
  • DOSPageCount: Threshold for the number of requests for the same page (or URI) per second. Crossing this limit could indicate an attack.
  • DOSSiteCount: Threshold for the total number of requests for any object by the same client on the same listener per second.
  • DOSPageInterval: The interval for the DOSPageCount threshold.
  • DOSSiteInterval: The interval for the DOSSiteCount threshold.
  • DOSBlockingPeriod: The time (in seconds) that a client will be blocked if they are added to the blacklist.

Example configuration:

4. Save and close the file.

Step 3: Restart Apache

To apply the changes, restart Apache:

  • On Debian/Ubuntu:
  • On CentOS/RHEL:

Step 4: Testing mod_evasive

To test if mod_evasive is working correctly, you can use a tool like siege or simply script multiple rapid requests to your server:

If mod_evasive is configured properly, you should receive a 403 Forbidden response after a certain number of requests, indicating that the IP has been temporarily blocked.


Safeguarding your Apache server from Denial of Service attacks is crucial for maintaining the integrity and availability of your web services. Through the implementation of mod_evasive, you have a powerful tool at your disposal to detect and prevent excessive requests, effectively mitigating potential DoS attacks.

This guide has walked you through the installation, configuration, and testing of mod_evasive, providing you with the knowledge to enhance your server’s defenses. Remember, the digital landscape is constantly evolving, and so are the tactics of adversaries. Therefore, continuously monitoring your server’s performance and adjusting your security measures accordingly is essential. Following the steps outlined in this guide and adopting a proactive approach to server security, you can ensure that your web services remain resilient against threats, providing a reliable and secure experience for your users.

Drop a query if you have any questions regarding Apache server and we will get back to you quickly.

Experience Effortless Cloud Migration with Our Expert Solutions

  • Stronger security  
  • Accessible backup      
  • Reduced expenses
Get Started

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

CloudThat is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 650k+ professionals in 500+ cloud certifications and completed 300+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, Microsoft Gold Partner, AWS Training PartnerAWS Migration PartnerAWS Data and Analytics PartnerAWS DevOps Competency PartnerAmazon QuickSight Service Delivery PartnerAmazon EKS Service Delivery PartnerAWS Microsoft Workload PartnersAmazon EC2 Service Delivery Partner, and many more.

To get started, go through our Consultancy page and Managed Services PackageCloudThat’s offerings.


1. What exactly is mod_evasive?

ANS: – Mod_evasive is an essential Apache module crafted to aid web administrators in safeguarding their servers from threats like Denial of Service (DoS), Distributed Denial of Service (DDoS), and brute force attacks. It achieves this by dynamically identifying and blocking the IP addresses of clients that send requests at a pace considered aggressive or potentially harmful.

2. Can you explain the operational mechanism of mod_evasive?

ANS: – The operational core of mod_evasive lies in its ability to vigilantly monitor the flow of incoming requests to an Apache web server. It enforces specific rules designed to cap the number of allowable requests from a single IP address within a predefined timeframe. Should a client surpass these established limits, mod_evasive interprets this behavior as aggressive, leading to a temporary blockade of further requests from the offending IP address.


Naman works as a Research Intern at CloudThat. With a deep passion for Cloud Technology, Naman is committed to staying at the forefront of advancements in the field. Throughout his time at CloudThat, Naman has demonstrated a keen understanding of cloud computing and security, leveraging his knowledge to help clients optimize their cloud infrastructure and protect their data. His expertise in AWS Cloud and security has made him an invaluable team member, and he is constantly learning and refining his skills to stay up to date with the latest trends and technologies.



    Click to Comment

Get The Most Out Of Us

Our support doesn't end here. We have monthly newsletters, study guides, practice questions, and more to assist you in upgrading your cloud career. Subscribe to get them all!