L7 DoS Profile
I have what I think should be a couple of simple questions about L7 DoS profiles in ASM. I am running 11.5.3 HF2, and right now I have a couple of application configured with L7 DoS profiles doing TPS based detection and rate limiting for mitigation. It has been a while since these profiles were implemented I am looking to tune some of the settings and also use some of the new features that have been been put in place. I have read through the implementation guides, but there were a couple things I still wasn't real clear on.
-
I see the settings for Escalation/De Escalation and it see that it for mitigation. So does that mean if I have Client Side Integrity and Rate Limiting turned on it will try the Integrity checks first for a period to mitigate and then proceed to rate limiting?
-
In the Heavy URL protection I see there is auto detect. Can anyone tell me what it is using for criteria to detect Heavy URLs?
-
This one is more experience based. Do you have a preference on Latency vs TPS based detection, and why?
Any help or advice is appreciated.