When setting up DoS protection, you can configure the system to prevent DoS attacks

based on the
server side (stress-based detection). In stress-based detection, it takes a latency
increase and at least one
suspicious IP address, URL, heavy URL, site-wide entry, or geolocation for the
activity to be considered
an attack.
Note: The average latency is measured for each site, that is, for each virtual
server and associated DoS
profile. If one virtual server has multiple DoS profiles (implemented using a local
traffic policy), then
each DoS profile has its own statistics within the context of the virtual server.
Stress-based DoS protection also includes Behavioral DoS. When enabled, the system
examines traffic
behavior to automatically detect DoS attacks. Behavioral DoS reviews the offending
traffic, and mitigates
the attack with minimal user intervention required.
Stress-based protection is less prone to false positives than TPS-based protection
because in a DoS
attack, the server is reaching capacity and service/response time is slow: this is
impacting all users.
Increased latency can be used as a trigger step for detecting an L7 attack.
Following the detection of a