mitigation (learning only) to aggressive protection (proactive DoS protection).

The
system can quickly
detect Layer 7 DoS attacks, characterize the offending traffic, and mitigate the
attack.
You can use a DoS profile that has Behavioral DoS enabled to protect one or, at
most, two virtual servers.
About DoS mitigation methods
When setting up either transaction-based or stress-based DoS protection, you can
specify mitigation
methods that determine how the system recognizes and handles DoS attacks. You can
use the following
methods:
• JavaScript challenges (also called Client-Side Integrity Defense)
• CAPTCHA challenges
• Request blocking (including Rate Limit or Block All)
You can configure the system to issue a JavaScript challenge to analyze whether the
client is using a legal
browser (that can respond to the challenge) when the system encounters a suspicious
IP address, URL,
geolocation, or site-wide criteria. If the client does execute JavaScript in
response to the challenge, the
system purposely slows down the interaction. The Client Side Integrity Defense
mitigations are enacted
only when the Operation Mode is set to blocking.
Based on the same suspicious criteria, the system can also issue a CAPTCHA
(character recognition)
challenge to determine whether the client is human or an illegal script. Depending
on how strict you want
to enforce DoS protection, you can limit the number of requests that are allowed
through to the server or
block requests that are deemed suspicious.