HTTP/S POST flood
TLS-wrapped POST requests stress write paths, WAF body inspection, and backend validation — on top of SSL termination cost.
How it works
- Engarde preset: HTTP/S POST Flood (attack_type HTTP, flag POST).
- Each session: TCP → TLS → encrypted POST with body.
- Higher CPU than HTTP/S GET due to payload parsing and DB writes.
- Compare with cleartext POST Flood to isolate TLS overhead.
Packet flow (illustrative)
Engarde node → Target
→ TCP: SYN · SYN-ACK · ACK
→ TLS handshake
→ Application Data: POST /api …
→ { encrypted body }
Illustrative flow — not a live capture.
Engarde preset: HTTP/S POST Flood
Metric: RPS, body latency, 413/429
Layer: L7 + TLS
What to watch in Engarde
- WAF body size limits triggering before origin.
- DB connection pool under sustained POST RPS.
- 502 when SSL frontends saturate before app tier.
Running this simulation
Select the HTTP/S POST Flood preset and target an authorized API write endpoint that uses disposable test data.
Mitigation perspective
Apply method-specific rate limits at the API gateway; set body size caps and TLS offload sizing using the results of the HTTP/S POST simulation.
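A sketch of the gateway-side admission check described above, as an added example that is not Engarde code: a body size cap answered with 413 before any parsing, then a token bucket keyed per client and per method answered with 429. The class and function names, the limits and the sample traffic are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed policy values for illustration; derive real ones from simulation results.
MAX_BODY_BYTES = 64 * 1024
LIMITS = {"GET": (50.0, 100.0), "POST": (5.0, 10.0)}  # method -> (tokens/sec, burst)
DEFAULT_LIMIT = (10.0, 20.0)

@dataclass
class Bucket:
    tokens: float
    last: float

class MethodRateLimiter:
    """Token buckets keyed by (client, method): writes are throttled apart from reads."""

    def __init__(self, limits=LIMITS, max_body=MAX_BODY_BYTES):
        self.limits, self.max_body, self.buckets = limits, max_body, {}

    def admit(self, client, method, content_length, now):
        """Return the status the gateway answers with; 200 means forward to origin."""
        method = method.upper()
        # Size cap first: reject on the declared Content-Length before the body is
        # read or parsed. Chunked bodies need a streaming byte counter (not shown).
        if content_length is not None and content_length > self.max_body:
            return 413
        rate, burst = self.limits.get(method, DEFAULT_LIMIT)
        b = self.buckets.setdefault((client, method), Bucket(burst, now))
        # Refill for the elapsed time, never above the burst size.
        b.tokens = min(burst, b.tokens + max(0.0, now - b.last) * rate)
        b.last = now
        if b.tokens < 1.0:
            return 429
        b.tokens -= 1.0
        return 200

def replay(requests):
    """Feed (time, client, method, content_length) tuples to a fresh limiter."""
    limiter, counts = MethodRateLimiter(), {}
    for now, client, method, length in requests:
        status = limiter.admit(client, method, length, now)
        counts[status] = counts.get(status, 0) + 1
    return counts

# Constructed sample traffic (documentation-range addresses, not a capture).
A, B = "198.51.100.7", "203.0.113.9"
SAMPLE = ([(0.0, A, "POST", 512)] * 30 + [(0.0, B, "POST", 512)]
          + [(1.0, A, "POST", 512)] * 3 + [(2.0, A, "POST", 5_000_000)] * 2
          + [(2.0, A, "GET", None)] * 10)

if __name__ == "__main__":
    print(replay(SAMPLE))
```

In the sample, client A's burst of POSTs is throttled while its GETs and client B's POST still pass, which is the point of keying the limit on the method as well as the client.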