HTTP PATCH flood
Partial update traffic for APIs that accept incremental changes. Can stress merge logic and partial validation rules.
How it works
- Smaller bodies than PUT but still write-path heavy.
- Merge/patch handlers may lock rows or documents.
- Often overlooked in read-only load tests.
Packet flow (illustrative)
Engarde node Target
→TCP established
→METHOD /resource/id HTTP/1.1
→Entity body (write path)
Illustrative flow — not a live capture.
Focus Partial updates
Engarde PATCH mode
Layer L7
What to watch in Engarde
- Conflict errors (409) under concurrency.
- DB row-level lock wait time.
Running this simulation
Run PATCH simulation on staging APIs before major releases.
Mitigation perspective
Throttle write methods separately from GET in WAF/API gateway.