DOS Profil Questions

So many questions at once. :-). Let me try..

1. How do auto-thresholds work? When you build policy automatically, it understands the traffic, per-URI, and gets an idea of how many PPS, TPS and req/resp sizing of packets and flows. Again.. PER-URI. So the thresholds know if a URI typically has a 5k req. and gets a 500k resp. normally. It will threshold to the peak. If the VIP is variable, it will understand that, as well and ends up thresholding more to the delta between req / resp to understand that a resp could be proportionately larger as per the difference between the smallest respones and the peak. 

2. I would not recommend that you use one policy for mobile and browser based. Maybe one VIP, but you should definitely select policy based on EUD.

3. You would do it either way. Can you show me the screen where you're mitigating DoS with CAPTCHA? You're talking about AFM as though it's a WAF. Are you using AFM or AWAF (ASM)?

4. It considers that threshold as whatever you set it to.

Quick thing.. DoS profiles usually work to defend against UDP / TCP / packets.

L7 is not done with a DoS profile unless you're doing DPI.. which is disctinctly NOT WAF.

Please just tell me what you want to do.. zIt sounds like you need AWAF, not AFM.