Php script against Web scanners. Most Web scanners (including the upload and Management backend scanners) determine whether a page exists by judging the HTTP 200 return, during the scanning period, most Web scanners (including the upload and management background scanners) determine the existence of pages by judging the HTTP 200 return, these scans start to scan vulnerabilities. Since internal logic cannot be strictly controlled, let's talk about the bottleneck of input/output. when incorrect passwords or permissions fail to be entered, we will return an HTTP message of 400 error to mislead the scanner to stop scanning (including which Manual intruders)
Take PHP as an example:
The code is as follows:
Ob_start ();
If ('password '! = $ _ GET ['password'])
Header ("HTTP/1.1 404 Not Found ");
?>
Sample
The scanner (including the upload and Management backend scanner) determines the existence of the page by judging the HTTP 200 return. on the basis of the existence of the page, these scanning periods will start to work on...