HTTP/S PATCH flood
Partial updates inside TLS sessions. Exercises merge handlers and row-level locks on APIs that accept PATCH.
How it works
- Preset: HTTP/S PATCH Flood.
- Smaller bodies than PUT but still encrypted write-path traffic.
- Frequently overlooked in capacity planning focused on GET traffic.
Packet flow (illustrative)
Engarde node Target
→SYN · SYN-ACK · ACKTCP
→TLS handshake
→Application Data: METHOD /resource
→Encrypted entity body
Illustrative flow — not a live capture.
Engarde HTTP/S PATCH Flood
Focus Partial updates
Layer L7
What to watch in Engarde
- Row lock wait time on hot records.
- WAF JSON parser CPU on small frequent bodies.
Running this simulation
HTTP/S PATCH against authorized staging API; monitor Target Monitor latency vs. cleartext PATCH.
Mitigation perspective
Throttle PATCH separately from GET at CDN/WAF; size limits still apply inside TLS.