Most web scanners (including upload and management background scanners) determine the existence of a page by judging the HTTP 200 return. Based on the existence of the page, these scanning periods will start scanning for vulnerabilities. Since the internal logic cannot be guaranteed to be tight, we will focus on the input/output bottleneck. When an incorrect password is entered or the permission fails, we return a 400 error HTTP message ourselves to mislead the scanner not to continue scanning (including Which manual intruders)
Take PHP as an example:
Copy the code The code is as follows:
ob_start();
if ('Password' != $_GET['password'])
header("HTTP/1.1 404 Not Found");
?>
