Allow Route or Service Policy to adjust "slow DDOS" security setting for a specific endpoint

Today the slow DDOS configs are at the LB level. They cannot be overridden at the Route level. This means any change impacts all APIs or endpoints on that LB. As a security improvement, it would be ideal to be able to adjust the slow DDOS settings per API, such as via the Route object or via a custom Service Policy rule applied under Common Security Controls.

why - To allow clients with slow upload speeds, we had to remove the upper timeout limit on the slow DDOS. This means all endpoints on that website/LB now have no upper limit. It would be nice to minimize that security control removal to only the single necessary endpoint. Only relax controls where needed instead of across the entire LB.

how - via Route object or Service Policy.

how - allow the LB to retain multiple configs for the same security control, the LB level config as the default, and then use the URL Path specific config if there is such a config for the matching path.


Note: the only scenario where I've experienced this feature would be beneficial is the file upload scenario (a website, open to a wide range of users with varying upload speeds).

  • Guest
  • Jan 10 2025
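
The lookup requested above (LB-level config as the default, path-specific config when one matches), sketched as an added example that is not part of the original post and not the product's code. The class, field names, paths and timeout values are hypothetical and constructed for illustration; the path is assumed to be already percent-decoded by the proxy.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SlowDdosPolicy:
    # Hypothetical fields; request_timeout_ms=None means "no upper limit".
    headers_timeout_ms: int
    request_timeout_ms: Optional[int]


def _segments(path: str) -> list[str]:
    """Split a path into normalized segments so '/a/../b' and '/b' compare equal."""
    segs: list[str] = []
    for s in path.split("?", 1)[0].split("/"):
        if s in ("", "."):
            continue
        if s == "..":
            if segs:
                segs.pop()
            continue
        segs.append(s)
    return segs


def resolve(path: str, lb_default: SlowDdosPolicy,
            overrides: dict[str, SlowDdosPolicy]) -> SlowDdosPolicy:
    """Return the most specific path override, else the LB-level default.

    Matching is on whole segments, so an override for '/api/upload' does not
    relax '/api/uploads-admin', and dot-segments cannot be used to borrow it.
    """
    req = _segments(path)
    best, best_len = lb_default, -1
    for prefix, policy in overrides.items():
        p = _segments(prefix)
        if len(p) > best_len and req[:len(p)] == p:
            best, best_len = policy, len(p)
    return best


# Constructed sample config: strict default, one relaxed upload endpoint.
LB_DEFAULT = SlowDdosPolicy(headers_timeout_ms=10_000, request_timeout_ms=60_000)
OVERRIDES = {"/api/upload": SlowDdosPolicy(headers_timeout_ms=10_000,
                                           request_timeout_ms=None)}

if __name__ == "__main__":
    for p in ("/api/upload/chunk/3", "/api/login", "/api/upload/../login"):
        print(p, "->", resolve(p, LB_DEFAULT, OVERRIDES))
```
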