Hacker News
by parts 1558 days ago
Hi, article author here. Cloud Armor will drop requests without regard to the size of the request body for HTTP PUT or PATCH requests (i.e., the payload won't have to be padded with 8192 bytes, like in the case of POST requests). Of course, for an attacker to successfully exploit this, the underlying application would have to be configured to accept and process PUT/PATCH requests.

As for query parameters in GET requests, I'm not entirely sure about Cloud Armor's limits there. I'll check and get back to you.

2 comments

https://docs.aws.amazon.com/waf/latest/developerguide/limits...

Pad your POST query by 8k and you are through!

Thank you for the clarification!