sharpicx · April 12, 2023 21:39
diff --git a/bypass waf by http headers b/bypass waf by http headers
 - X-forwarded-for
 - X-remote-IP
 - X-originating-IP
 - x-remote-addr
 waf通常会有一个不拦截任意请求的白名单ip，上面的几个头可以用来伪造ip
 如：
 X-Forwarded-For: 127.0.0.1
 X-Remote-Ip: 127.0.0.1
 X-Originating-Ip: 127.0.0.1
 X-Remote-Addr: 127.0.0.1
 参考：http://www.securityaegis.com/bypassing-web-application-firewalls-using-http-headers/
	- X-forwarded-for
	- X-remote-IP
	- X-originating-IP
	- x-remote-addr
	waf通常会有一个不拦截任意请求的白名单ip，上面的几个头可以用来伪造ip
	如：
	X-Forwarded-For: 127.0.0.1
	X-Remote-Ip: 127.0.0.1
	X-Originating-Ip: 127.0.0.1
	X-Remote-Addr: 127.0.0.1
	参考：http://www.securityaegis.com/bypassing-web-application-firewalls-using-http-headers/