Turbopack WAF Reproduction

This app demonstrates that Turbopack generates chunk filenames with multiple dots (e.g., 0od.e4.nsryo4.js) which trigger WAF "multiple file extension" security rules resulting in 403 Forbidden.

Instructions

1. Open DevTools → Network tab
2. Click the button below to load dynamic chunks
3. Observe chunk filenames in the network requests — some will have multiple dots
4. If deployed behind a WAF with multi-extension rules, some chunks will return 403

Chunk Listing

After build, check _next/static/chunks/ for filenames containing multiple dots. Any file matching a pattern like name.xx.yy.js (3+ dots) will be blocked by standard WAF rules.