Heavy URLs are URLs that may consume considerable server resources per request.

Heavy URLs
respond with low latency most of the time, but can easily reach high latency under
specific conditions
(such as DoS attacks). Heavy URLs are not necessarily heavy all the time, but tend
to get heavy
especially during attacks. Therefore, low rate requests to those URLs can cause
significant DoS attacks
and be hard to distinguish from legitimate clients.
Typically, heavy URLs involve complex database queries; for example, retrieving
historical stock quotes.
In most cases, users request recent quotes with weekly resolution, and those
queries quickly yield
responses. However, an attack might involve requesting five years of quotes with
day-by-day resolution,
which requires retrieval of large amounts of data, and consumes considerably more
resources.
Application Security Manager™ (ASM) allows you to configure protection from heavy
URLs in a DoS
profile. You can specify a latency threshold for automatically detecting heavy
URLs. If some of the web
site's URLs could potentially become heavy URLs, you can manually add them so the
system will keep
an eye on them, and you can add URLs that should be ignored and not considered
heavy.
ASM™ measures the tail latency of each URL and of the whole site for 24 hours to
get a good sample of
request behavior. A URL is considered heavy if its average tail latency is more
than twice that of the site
latency for the 24-hour period.