How to: Configure Layer 7 DoS protection¶
In the following example, we enable Layer 7 DoS protection, including bad actor detection.
{
"name": "set_dos_policy",
"template": {
"name": "POLICY_TEMPLATE_FUNDAMENTAL"
},
"applicationLanguage": "utf-8",
"caseInsensitive": false,
"enforcementMode": "blocking",
"learningMode": "manual",
"signature-sets": [
{
"name": "Generic Detection Signatures (High/Medium Accuracy)",
"alarm": false,
"block": false,
"learn": false
}
],
"dos-protection": {
"enabled": true,
"behavioral-dos": {
"mitigationLevel": "standard",
"enableHttpSignatures": true,
"enableTlsSignatures": false,
"badActorDetection": {
"enabled": true,
"enableTlsIndexing": true
}
}
}
}
After enabling Layer 7 DoS protection, enable Layer 7 DoS remote logging.