Forcing 414 URI Too Long
Implemented
Mechanism: RFC 9110 §15.5.15 defines 414 (URI Too Long). The oracle exists when the application enforces per-endpoint URI length limits after resolving the resource, so an oversized URI is rejected with 414 only if the resource was found.
Isolated Variable: Only the URI length changes via an appended query string.
Oracle Signal: 414 (exists) vs 404 (does not exist).
HEAD — Existing Resource (Oversized Query String)
HEAD /api/users/1001?padding=AAAAAAA...AAAA HTTP/1.1
Host: target.com
Authorization: Bearer valid-token
HTTP/1.1 414 URI Too Long
HEAD — Non-Existing Resource
HEAD /api/users/9999?padding=AAAAAAA...AAAA HTTP/1.1
Host: target.com
Authorization: Bearer valid-token
HTTP/1.1 404 Not Found
Mitigation: Enforce URI length limits at the reverse proxy layer before the request reaches the application.
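Added example (not part of the original page): an in-process regression check showing that moving the length limit in front of the resource lookup makes the oversized-URI response uniform. The WSGI backend, the UriLengthLimit wrapper standing in for the reverse proxy, the 2048-byte limit and the user data are all assumptions made for illustration.

```python
from wsgiref.util import setup_testing_defaults

MAX_URI_LEN = 2048   # assumed limit for this example, not from the page
USERS = {"1001"}     # constructed sample data

def request_uri(environ):
    """Rebuild path plus query string as the request-target to be measured."""
    qs = environ.get("QUERY_STRING", "")
    return environ["PATH_INFO"] + ("?" + qs if qs else "")

def app(environ, start_response):
    """Backend with the ordering described above: resolve first, limit second."""
    user_id = environ["PATH_INFO"].rsplit("/", 1)[-1]
    if user_id not in USERS:
        start_response("404 Not Found", [])
    elif len(request_uri(environ)) > MAX_URI_LEN:
        start_response("414 URI Too Long", [])
    else:
        start_response("200 OK", [])
    return [b""]

class UriLengthLimit:
    """Stand-in for the proxy layer: rejects oversized URIs before the backend runs."""
    def __init__(self, inner, limit=MAX_URI_LEN):
        self.inner, self.limit = inner, limit

    def __call__(self, environ, start_response):
        if len(request_uri(environ)) > self.limit:
            start_response("414 URI Too Long", [])
            return [b""]
        return self.inner(environ, start_response)

def status_for(wsgi_app, path, query=""):
    """Send one HEAD request to the app in-process and return the numeric status."""
    environ = {"REQUEST_METHOD": "HEAD", "PATH_INFO": path, "QUERY_STRING": query}
    setup_testing_defaults(environ)
    seen = []
    wsgi_app(environ, lambda status, headers: seen.append(status))
    return int(seen[0].split()[0])

def leaks_existence(wsgi_app):
    """True if oversized requests get different statuses for existing vs missing IDs."""
    pad = "padding=" + "A" * MAX_URI_LEN
    return (status_for(wsgi_app, "/api/users/1001", pad)
            != status_for(wsgi_app, "/api/users/9999", pad))
```

Run leaks_existence against your own application stack in CI; it should be False once the limit is enforced ahead of routing.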