Modes

Dhal has four modes.

Mode	Behavior	Recommended use
`off`	Disable inspection decisions	Temporary disablement only
`monitor`	Detect and log without blocking globally	First install and dry-run
`block`	Actively block matched requests	Route-level enforcement after review
`strict`	Aggressive enforcement	Hardened internal APIs only

Start in monitor

{
  "mode": "monitor"
}

This gives you visibility without breaking traffic.

Enforce by route

Prefer route-level enforcement:

{
  "mode": "monitor",
  "routes": {
    "/api/login": {
      "mode": "block",
      "rateLimit": {
        "windowSeconds": 60,
        "max": 5,
        "keyBy": ["ip", "route"]
      },
      "rules": {
        "credentialStuffing": true,
        "bot": true
      }
    }
  }
}

Avoid global strict early

Do not switch a new production install directly to global strict. Use dhal replay, dhal doctor, and route-specific profiles first.

Documentation Index

​Modes

​Start in monitor

​Enforce by route

​Avoid global strict early

Modes

Start in monitor

Enforce by route

Avoid global strict early