ppomOk I can confirm that gzip bombs work great!
I almost crashed my PC Firefox testing my own bomb.
I got inspiration from @lord 's article: https://lord.re/en/posts/139-gzip-bomb-nginx/ for the bomb
and from @robin 's article https://icewind.nl/entry/nixos-add-nginx-options/
To automate adding the bomb by default to every virtual host I have (with NixOS).
You can find the result here: https://framagit.org/ppom/nixos/-/commit/9a53e5de1df2ed6a3548d5ae94a8ac1178787248
Setting a Gzip bomb in Nginx without PHP
I was browsing GoAccess to see which 404 errors i was serving. There is more than 18.000 connections to wp-admin.php which is the webadmin of WordPress. There is also many other attempts to different other php things, nothing very legit. It's a chance i use Hugo which is a static site generator. On this webserver there is no PHP or any other dynamic language. Webpages here are only simple plain text files without any logic, the server just read the files and send them.