Before tweaking mod_evasive thresholds, ensure that static assets are being cached properly. For example, add this to the .htaccess in your document root to set a 10-day cache on all static assets ending in .gif, .jpg, .png, .js, .css, .woff2, .eot, and .svg:
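<FilesMatch "\.(gif|jpg|png|js|css|woff2|eot|svg)$">
    # mod_expires: expire 864000 seconds (10 days) after access
    ExpiresActive On
    ExpiresDefault A864000
    # mod_headers: drop headers that get in the way of caching static files
    Header unset Set-Cookie
    Header unset Last-Modified
</FilesMatch>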
If a site is rich in static resources or a typical disjoint WordPress hodgepodge of plugins, this’ll cut down on requests significantly. Use DevTools to verify the requests are properly cached (from memory cache).
Once that’s addressed, these can be overridden on a per-site basis by creating a file named custom in /etc/httpd/conf/siteXX.
# Raise the number of same-site URI requests to 350 within a 5s period
<IfModule evasive_module>
DOSSiteCount 350
DOSSiteInterval 5
</IfModule>
Then run htrebuild.
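To pick a DOSSiteCount from real traffic rather than by guessing, the added example below (not part of the original post) reads Apache access-log lines and reports each client's peak request count in any DOSSiteInterval-second span, with and without the static extensions cached above. It assumes the common/combined log format and time-ordered lines, uses a sliding window as an approximation of mod_evasive's own accounting, and the function names and sample log are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Same extension list as the FilesMatch block in the post above
STATIC = re.compile(r"\.(gif|jpg|png|js|css|woff2|eot|svg)$")
# Common/combined log prefix: client address, [timestamp], "METHOD URI ..."
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:\S+) (\S+)[^"]*"')

def peak_hits(lines, interval=5):
    """Return {ip: (peak_all, peak_dynamic)}: the most requests a client made
    within `interval` seconds, counting all URIs and non-static URIs only."""
    windows = defaultdict(lambda: (deque(), deque()))
    peaks = defaultdict(lambda: [0, 0])
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        ip, stamp, uri = m.groups()
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        is_static = bool(STATIC.search(uri.split("?", 1)[0]))
        for idx, win in enumerate(windows[ip]):
            if idx == 1 and is_static:
                continue  # best case: a repeat visitor serves this from cache
            win.append(ts)
            while ts - win[0] >= interval:
                win.popleft()  # drop hits older than the interval
            peaks[ip][idx] = max(peaks[ip][idx], len(win))
    return {ip: tuple(p) for ip, p in peaks.items()}

def over_threshold(peaks, site_count=350):
    """Clients whose all-URI peak reaches the candidate DOSSiteCount."""
    return sorted(ip for ip, (total, _) in peaks.items() if total >= site_count)

def sample_log():
    """Constructed sample: one page view pulling six assets, plus a slow client."""
    uris = ["/", "/a.css", "/b.js?ver=6.1", "/logo.png", "/f.woff2",
            "/i.svg", "/x.gif", "/wp-admin/admin-ajax.php"]
    busy = [f'203.0.113.10 - - [10/Oct/2024:13:55:{36 + i // 4:02d} +0000] '
            f'"GET {u} HTTP/1.1" 200 512' for i, u in enumerate(uris)]
    slow = [f'198.51.100.7 - - [10/Oct/2024:13:5{m}:00 +0000] '
            f'"GET / HTTP/1.1" 200 512' for m in (5, 6, 7)]
    return busy + slow

if __name__ == "__main__":
    for ip, (total, dynamic) in peak_hits(sample_log()).items():
        print(f"{ip}: peak {total} requests/5s, {dynamic} once assets are cached")
```

A large gap between the two peaks for ordinary visitors means caching is the fix; a high non-static peak is what the threshold actually has to accommodate.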
Is there any method to use GEOIP to NOT ban if the IP is from XX country?
It’s an all-or-nothing compromise to whitelist access to all services. Here’s an example to blacklist specific countries. To make it a whitelist, replace rampart:blacklist with rampart:whitelist.