I think the buffer size is the limit on what they check for malicious data, so t... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		boxed 22 hours ago \| parent \| context \| favorite \| on: Cloudflare outage on December 5, 2025 I think the buffer size is the limit on what they check for malicious data, so the old 128k would mean it would be trivial to circumvent by just having 128k ok data and then put the exploit after.

whs 19 hours ago [–]

I got curious and I checked AWS WAF. Apparently AWS WAF default limit for CloudFront is 16KB and max is 64KB.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact