Most web scanners, including scanners for upload pages and management back ends, determine whether a page exists by checking for an HTTP 200 response, and only begin scanning for vulnerabilities once they have established that the page exists. Since there is no guarantee that the internal logic is airtight, we work at the input/output bottleneck instead: when the password is wrong or the login fails, we ourselves return a 400 error HTTP message to mislead the scanner (and manual intruders as well) into not scanning any further.
Take PHP for example:
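The code is as follows:
<?php
// Buffer output so the status header can still be sent
ob_start();
// Wrong or missing password: send a 404 status; the page below is still output
if ('Password' != ($_GET['Password'] ?? ''))
    header("HTTP/1.1 404 Not Found");
?>
<title>Sample</title>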
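A stricter variant of the same idea, as an added example that is not the article's code: on failure it sends the 404 status together with a generic not-found body and never emits the protected markup, so the status line and the body agree. The ADMIN_PASSWORD_HASH constant, its placeholder value and the respond() helper are assumptions made for illustration.

```php
<?php
// Added example, not the article's code.
// Placeholder value (assumption): replace with the output of
// password_hash('your-password', PASSWORD_DEFAULT).
const ADMIN_PASSWORD_HASH = '$2y$10$REPLACE_WITH_OUTPUT_OF_password_hash';

// Generic body, meant to match what the server sends for a missing page
const NOT_FOUND_BODY = "<title>404 Not Found</title>\n<h1>Not Found</h1>\n";

/**
 * Decide status code and body for one request to the hidden page.
 * $params is the request parameter array ($_GET, as in the article).
 */
function respond(array $params): array
{
    $supplied = $params['Password'] ?? '';

    // Reject array-valued parameters (?Password[]=x) before verifying
    $ok = is_string($supplied)
        && password_verify($supplied, ADMIN_PASSWORD_HASH);

    if (!$ok) {
        // Wrong or missing password: look exactly like a missing page
        return [404, NOT_FOUND_BODY];
    }

    // Correct password: serve the real page with the default 200 status
    return [200, "<title>Sample</title>\n"];
}

[$status, $body] = respond($_GET);

http_response_code($status);
// Keep caches from storing either variant under the same URL
header('Cache-Control: no-store');
echo $body;
```

Query strings are written to web server access logs, so passing `$_POST` to `respond()` instead of `$_GET` keeps the password out of them.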