Most web scanners (including upload and management background scanners) determine the existence of a page by judging the HTTP 200 return. Based on the existence of the page, these scanning periods will start scanning for vulnerabilities. Since the internal logic cannot be guaranteed to be tight, we will focus on the input/output bottleneck. When an incorrect password is entered or the permission fails, we return a 400 error HTTP message ourselves to mislead the scanner not to continue scanning (including Which manual intruders)
Take PHP as an example:
How to open php file
How to remove the first few elements of an array in php
What to do if php deserialization fails
How to connect php to mssql database
How to connect php to mssql database
What to do if an error occurs in the script of the current page
How to upload html
How to solve garbled characters in PHP
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
