L7 GET vs HTTP/S

Plain GET vs HTTP/S (TLS) floods

Engarde exposes plain GET Flood and separate HTTP/S presets per method (GET, POST, PUT, PATCH, DELETE). Comparing them isolates TLS overhead from application-layer limits.

How it works

GET Flood: cleartext HTTP to port 80 (or configured URL) — no TLS handshake.
HTTP/S GET Flood: TCP + TLS + encrypted GET — stresses SSL termination first.
Same RPS target may saturate SSL frontends before origin workers on HTTP/S.
Use Target Monitor latency split to see where degradation starts.

Packet flow (illustrative)

Left path: HTTP GET after TCP. Right path (HTTP/S): add TLS before GET.

Engarde node Target

→SYNseq=1000

←SYN-ACKseq=2000 ack=1001

→ACKack=2001

→GET /api/status HTTP/1.1

←HTTP/1.1 200 OK

Illustrative flow — not a live capture.

Cleartext GET Flood preset

TLS HTTP/S + method flag

Metric RPS, TLS CPU, 502 rate

What to watch in Engarde

Handshake completion rate on HTTP/S vs. instant requests on plain GET.
CDN edge behavior when only origin supports HTTPS.
WAF rules that differ between HTTP and HTTPS listeners.

Running this simulation

Run GET Flood and HTTP/S GET Flood back-to-back on the same authorized URL path; compare reports in Attack Monitor.

Mitigation perspective

Size SSL infrastructure using HTTP/S simulation results; do not rely on plain GET tests alone for HTTPS-only services.