This bypass technique targets the CloudFront Web Application Firewall (WAF), specifically a rule blocking access to the Spring Boot Actuator endpoints. The bypass uses URL encoding to evade detection by the WAF: the word 'actuator' is broken up and, in separate requests, one of the characters 'a', 'c' or 't' is percent-encoded, giving '%61ctuator', 'a%63tuator' and 'ac%74uator'. Each encoded request bypasses the WAF rule and returns real Actuator data with HTTP status 200. The response size of about 5122 to 5123 bytes is consistent across the variants, confirming that the underlying application is responding genuinely. This shows how encoded payloads can circumvent WAF rules that do not decode or normalize percent-encoded characters in the URL before inspecting it. Security controls must percent-decode URL inputs before applying blocking rules to prevent such bypasses.
Bypass CloudFront WAF rule blocking access to Spring Boot
# All bypasses return real Actuator data:
GET /%61ctuator/health → HTTP 200 (5122B), 'a' encoded
GET /a%63tuator/health → HTTP 200 (5123B), 'c' encoded
GET /ac%74uator/health → HTTP 200 (5122B), 't'…
@momika233, March 14, 2026
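As an added defender-side example (not code from the original post or from the researcher quoted above), the Python below puts the rule as written, a literal match on the raw path, beside a version that percent-decodes the path first, and runs both over the three encoded requests quoted above. The blocked prefix and the request list are constructed for the demonstration; in AWS WAF the equivalent fix is applying the URL_DECODE text transformation to the URI path before the string match.

```python
from urllib.parse import unquote

# Constructed sample: the literal path the rule was written for, plus the
# three percent-encoded variants quoted in the post.
SAMPLE_PATHS = [
    "/actuator/health",
    "/%61ctuator/health",   # 'a' encoded
    "/a%63tuator/health",   # 'c' encoded
    "/ac%74uator/health",   # 't' encoded
]

# Hypothetical blocked prefix, standing in for the WAF rule's string match.
BLOCKED_PREFIX = "/actuator"


def naive_rule_blocks(raw_path: str) -> bool:
    """Rule as written: literal prefix match on the raw URI path.

    It only matches the exact spelling 'actuator', so a single
    percent-encoded character in that segment is enough to slip past it.
    """
    return raw_path.startswith(BLOCKED_PREFIX)


def normalize_path(raw_path: str) -> str:
    """Percent-decode the path the way the origin will before routing.

    Spring routes on the decoded path, so the rule must be evaluated on the
    same form the application sees, not on the wire bytes.
    """
    return unquote(raw_path)


def hardened_rule_blocks(raw_path: str) -> bool:
    """Same rule, applied to the normalized path."""
    return normalize_path(raw_path).startswith(BLOCKED_PREFIX)


def evaluate(paths):
    """Return {path: (naive_blocked, hardened_blocked)} for each sample path."""
    return {p: (naive_rule_blocks(p), hardened_rule_blocks(p)) for p in paths}


if __name__ == "__main__":
    for path, (naive, hardened) in evaluate(SAMPLE_PATHS).items():
        verdict = lambda b: "BLOCK" if b else "allow"
        print(f"{path:22s} raw-match={verdict(naive):5s} decoded-match={verdict(hardened)}")
```

Only the literal spelling is blocked by the raw match, while all four paths are blocked once decoding happens before the comparison.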