Route profiles

Route profiles let Dhal apply different policies to different application surfaces.

{
  "mode": "monitor",
  "routes": {
    "/api/login": {
      "mode": "block",
      "tags": ["auth", "public"],
      "rateLimit": {
        "windowSeconds": 60,
        "max": 5,
        "keyBy": ["ip", "route"]
      },
      "rules": {
        "credentialStuffing": true,
        "bot": true
      },
      "response": {
        "message": "Request blocked"
      }
    },
    "/api/upload": {
      "mode": "block",
      "rules": {
        "largePayload": {
          "enabled": true,
          "maxBytes": 5242880
        }
      }
    }
  }
}

Create explicit profiles for:

  • /api/login;
  • /api/auth/*;
  • /api/upload;
  • /api/admin/*;
  • webhook receivers;
  • payment or checkout routes;
  • tenant-scoped APIs.

Rollout strategy

Start with the global mode set to monitor, then move individual high-confidence routes to block.
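
To track a rollout against the route list above, the following added example (not part of Dhal or its documentation) audits a config of the shape shown on this page and reports each route's effective mode. It assumes a profile without its own "mode" inherits the top-level mode, matches route keys literally, and applies its own sanity checks; the sample config is constructed.

```python
import json

# Constructed sample in the shape shown above: global monitor, two routes moved to block.
SAMPLE = json.loads("""{
  "mode": "monitor",
  "routes": {
    "/api/login": {"mode": "block",
      "rateLimit": {"windowSeconds": 60, "max": 5, "keyBy": ["ip", "route"]}},
    "/api/upload": {"rules": {"largePayload": {"enabled": true}}},
    "/api/admin/*": {"mode": "block",
      "rateLimit": {"windowSeconds": 0, "max": 5, "keyBy": []}}
  }
}""")

# Path-like entries from the list above; compared as literal keys, no wildcard expansion.
RECOMMENDED = ["/api/login", "/api/auth/*", "/api/upload", "/api/admin/*"]

def audit(config):
    """Return (route, effective_mode, problems) for every recommended or configured route."""
    routes = config.get("routes", {})
    report = []
    for route in sorted(set(RECOMMENDED) | set(routes)):
        profile = routes.get(route)
        if profile is None:
            report.append((route, config.get("mode"), ["no explicit profile"]))
            continue
        # Assumption: a profile without "mode" inherits the top-level mode.
        mode = profile.get("mode", config.get("mode"))
        problems = []
        limit = profile.get("rateLimit")
        if limit is not None:
            for key in ("windowSeconds", "max"):
                value = limit.get(key)
                if not isinstance(value, int) or isinstance(value, bool) or value <= 0:
                    problems.append(f"rateLimit.{key} must be a positive integer")
            if not limit.get("keyBy"):
                problems.append("rateLimit.keyBy is empty")
        payload = profile.get("rules", {}).get("largePayload")
        if isinstance(payload, dict) and payload.get("enabled") and not payload.get("maxBytes"):
            problems.append("largePayload enabled without maxBytes")
        report.append((route, mode, problems))
    return report

if __name__ == "__main__":
    for route, mode, problems in audit(SAMPLE):
        print(f"{route:<16} {str(mode):<8} {'; '.join(problems) or 'ok'}")
```

Routes reported as monitor or as having no explicit profile are the ones still to be moved to block during the rollout.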