AI identified a potential for the DDoS in JSON request parsing. While axum already implements body limits it makes sense to document this explicitly and provide operator with configuration options to fine-tune this.
https://docs.rs/axum/latest/axum/extract/struct.DefaultBodyLimit.html
It must be noted that the python Keystone is also "vulnerable" to this attack due to the lack of explicit documentation.