An HTTP bomb, also known as Large Payload Post, is a class of HTTP DDoS attack. An ‘HTTP bomb’ uses the HTTP POST method to send large, complex POST requests, usually scripted as an XML data structure, which the target server will then attempt to parse. However, due to the size and complexity of the POST request (i.e., the “bomb”), the server will end up using high amounts of computing resources, ultimately depleting them, and bringing the server down.
This can be a particularly difficult attack to mitigate, since it can use high number of server resources with a limited number of connections. These types of DDoS attacks are also referred to as “Oversize Payload Attacks” or “Jumbo Payload Attacks.