server latency, which is called heavy tailed.

To validate automatic detection, you can view the URL Latencies report (Security >
Reporting > DoS >
URL Latencies) periodically to check that the latency threshold that you used is
close to the value in the
latency histogram column for all traffic. You should set the latency threshold so
that approximately 95%
of the requests for the virtual server have lower latency.
By reviewing the URL Latencies report and sorting the URLs listed by latency, you
can make sure that
the URLs that you expect to be heavy are listed in the DoS profile. Also, if the
system detects too many
(or too few) heavy URLs, you can increase (or decrease) the latency threshold.
Recording traffic during DoS attacks
If you have DoS protection enabled, you can configure the system to record traffic
during DoS attacks.
By reviewing the recorded traffic in the form of a TCP dump, you can diagnose the
attack vectors and
attackers, observe whether and how the attack was mitigated, and determine whether
you need to change
the DoS protection configuration.
1. On the Main tab, click Security > DoS Protection > DoS Profiles.
The DoS Profiles list screen opens.
2. Click the name of an existing DoS profile (or create a new one, then open it),
and click the
Application Security tab.
3. On the left, under Application Security, click General Settings,