How to: Configure Layer 7 DoS protection

In the following example, we enable Layer 7 DoS protection, including bad actor detection.

{
    "name": "set_dos_policy",
    "template": {
        "name": "POLICY_TEMPLATE_FUNDAMENTAL"
    },
    "applicationLanguage": "utf-8",
    "caseInsensitive": false,
    "enforcementMode": "blocking",
    "learningMode": "manual",
    "signature-sets": [
        {
            "name": "Generic Detection Signatures (High/Medium Accuracy)",
            "alarm": false,
            "block": false,
            "learn": false
        }
    ],
    "dos-protection": {
        "enabled": true,
        "behavioral-dos": {
            "mitigationLevel": "standard",
            "enableHttpSignatures": true,
            "enableTlsSignatures": false,
            "badActorDetection": {
                "enabled": true,
                "enableTlsIndexing": true
            }
        }
    }
}

After enabling Layer 7 DoS protection, enable Layer 7 DoS remote logging.