DDoS HTTP Flood Protection
Distributed Denial of Service (DDoS) attacks seek to overwhelm your application with illegitimate requests. Network-protocol-based DDoS attempts like UDP floods, ICMP floods, and other attacks are automatically blocked.
Application-level DDoS attempts (where massive numbers of HTTP GET/POST requests are issued in rapid succession) are more difficult to block, because outwardly they look very much like legitimate traffic.
If you're currently under DDoS attack or suspect that you will be, set the HTTP Flood (DDOS) Mode setting on the Stop Attacks page of your Expedited WAF dashboard to Filtering. This forces each client making requests to be able to execute javascript.
This requirement eliminates most DDOS HTTP Floods, which are conducted with low-resource, script-based tools that can't run javascript.