How to whitelist IPs in Apache mod_evasive

The mod_evasive module protects your Apache webserver from DDoS attacks.

Sometimes legitimate users trigger mod_evasive and receive an HTTP 403 response: “Forbidden – You don’t have permission to access this resource”. The Apache logs will then contain messages like:

[Sun Apr 05 09:43:17.836335 2020] [:error] [pid 28167] [client] client denied by server configuration: /home/example/public_html/admin/index.php, referer:

In this post, we will show how to whitelist IPs. Note that it is not possible to disable mod_evasive for a single domain or vhost: the configuration is global and applies to all domains on the server.

The mod_evasive configuration file is /etc/apache2/conf.d/300-mod_evasive.conf. To whitelist IPs, edit the file with your preferred editor and add DOSWhitelist IP statements, one per line.


You can also use wildcards. The comments in the configuration file state:

# You can use whitelists to disable the module for certain ranges of
# IPs. Wildcards can be used on up to the last 3 octets if necessary.
# Multiple DOSWhitelist commands may be used in the configuration.
#DOSWhitelist 192.168.0.*

Don’t forget to reload the Apache webserver.
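Before reloading, it helps to confirm that the blocked client from the log is actually covered by an active entry. The following check is an added example, not part of the original post or of mod_evasive; it assumes the rule quoted above (four dot-separated fields, `*` only in the trailing one to three), and the sample configuration and function names are constructed for illustration.

```python
import re

# Constructed sample config for illustration (not taken from the page).
SAMPLE_CONF = """\
#DOSWhitelist 192.168.0.*
DOSWhitelist 203.0.113.10
DOSWhitelist 198.51.100.*
DOSWhitelist 10.*.*.*
DOSWhitelist 172.16.0.0/12
"""

def active_entries(conf_text):
    """Yield the value of every uncommented DOSWhitelist line."""
    for line in conf_text.splitlines():
        parts = line.split()
        # Apache directive names are case-insensitive; '#DOSWhitelist' never matches.
        if len(parts) >= 2 and parts[0].lower() == "doswhitelist":
            yield parts[1]

def parse_entry(value):
    """Return the literal leading octets, or None if not in the documented form."""
    # Assumed form: four fields, '*' only as the trailing one to three fields.
    fields = value.split(".")
    if len(fields) != 4:
        return None
    literal = []
    for i, field in enumerate(fields):
        if field == "*":
            if i == 0 or any(f != "*" for f in fields[i:]):
                return None
            break
        if not re.fullmatch(r"[0-9]{1,3}", field) or int(field) > 255:
            return None
        literal.append(field)
    return literal

def check_ip(conf_text, ip):
    """Return (entries covering ip, entries outside the documented form)."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError("expected a dotted IPv4 address")
    covering, malformed = [], []
    for value in active_entries(conf_text):
        literal = parse_entry(value)
        if literal is None:
            malformed.append(value)
        elif octets[:len(literal)] == literal:
            covering.append(value)
    return covering, malformed
```

Call `check_ip` with the contents of the configuration file and the client IP from the error log. An empty first list means no active entry covers that address, for example because the matching line is still commented out; the second list holds entries to review by hand.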


