How to defend your website with ZIP bombs
https://blog.haschek.at/post/f2fda
So it turns out ZIP compression is really good with repetitive data, so if you have a really huge text file which consists of repetitive data like all zeroes, it will compress it really well. Like REALLY well.
As 42.zip shows us, it can compress a 4.5 petabyte (4.500.000 gigabytes) file down to 42 kilobytes. When you try to actually look at the content (extract or decompress it), you'll most likely run out of disk space or RAM.
Sadly, web browsers don’t understand ZIP, but they do understand GZIP.
So firstly we’ll have to create the 10 gigabyte GZIP file filled with zeroes. We could make multiple compressions but let’s keep it simple for now.
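The disk and RAM exhaustion described above comes from inflating a gzip body without an output cap. The following is an added example, not code from the original post, showing how a client or scanner can enforce one. The names `bounded_gunzip`, `DecompressionLimitExceeded` and `make_constructed_sample` are hypothetical, and the sample is a constructed 10 MiB run of zeroes rather than the 10 gigabyte file the post describes.

```python
import gzip
import zlib


class DecompressionLimitExceeded(Exception):
    """The stream inflated past the size the caller is willing to accept."""


def bounded_gunzip(data: bytes, max_output: int, chunk_size: int = 64 * 1024) -> bytes:
    """Inflate a gzip stream, refusing to produce more than max_output bytes."""
    # wbits = 16 + MAX_WBITS makes zlib expect a gzip header and trailer.
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)
    out = bytearray()
    pending = data
    while not inflater.eof:
        # max_length bounds what one call may emit; the +1 lets us see an overrun
        # without ever buffering more than max_output + 1 bytes.
        budget = min(chunk_size, max_output - len(out) + 1)
        chunk = inflater.decompress(pending, budget)
        out += chunk
        if len(out) > max_output:
            raise DecompressionLimitExceeded(
                f"{len(data)} compressed bytes inflate past {max_output} bytes"
            )
        pending = inflater.unconsumed_tail
        if not chunk and not pending and not inflater.eof:
            raise ValueError("truncated gzip stream")
    return bytes(out)


def make_constructed_sample(size: int = 10 * 1024 * 1024) -> bytes:
    """Constructed test input: `size` zero bytes, gzip-compressed (10 MiB, not 10 GB)."""
    return gzip.compress(bytes(size))


if __name__ == "__main__":
    sample = make_constructed_sample()
    print(f"compressed size: {len(sample)} bytes")
    try:
        bounded_gunzip(sample, max_output=1024 * 1024)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
    print("small body ok:", bounded_gunzip(gzip.compress(b"hello"), 1024))
```

The cap is applied to the decompressed size, because the compressed size of such a stream is tiny and tells the receiver nothing about what it will expand to.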