You configure DoS protection for Layer 7 by creating a DoS profile with Application

Security enabled.
You then associate the DoS profile with one or more virtual servers representing
applications that you
want to protect. DoS protection is a system protection that is not part of a
security policy.
The main factors in establishing the prevention policy are:
• Attackers: The clients that initiate the actual attacks. They are represented by
their IP addresses and
the geolocations they come from.
• Servers: The web application servers that are under attack. You can view them
site-wide as the pairing
of the virtual server and the DoS profile, by the URL, or as a pool member.
• BIG-IP system: The middle tier that detects attacks and associated suspicious
entities, then mitigates
the attacks, or blocks or drops requests depending on the options you configure in
the DoS profile.
Task Summary
Configuring DoS protection for applications
Creating a whitelist for DoS protection
Using proactive bot defense
Configuring bot defense logging
Configuring bot signature checking
Configuring TPS-based DoS detection
Configuring behavioral & stress-based DDoS protection
Configuring heavy URL protection
Recording traffic during DoS attacks
Configuring CAPTCHA for DoS protection
Associating a DoS profile with a virtual server