绕过apache目录IP限制技巧

显示不全请点击全屏阅读

今天搞一个网站,得到后台.

但是打开得到 如下错误.
 
 
403 Forbidden
 
Request forbidden by administrative rules.
 
这情况一般是 没有首页.或者限制IP. 明显后台首先是存在的.
因为是ECSHOP的系统,后台index.php不能随意更改..修改的话同时需要修改一大堆调用.不便修改,那么就是IP限制了..
 
 

http://xxx.es/es/xxxs_admin_manager/

 
这样访问提示
23E38823-8DA6-4BA5-8566-B518515D71D3
 
但当访问 http://xxx.es/es//xxxs_admin_manager/
这样奇迹就发生了
9A8CDA60-2D5D-4B8F-9472-6EB1B21CBD4C
因为conf文件是
 
 
<directory “/www/xxxs_admin_manager”>
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    #Allow from all
    Allow from 10.0.0.116
    #Deny from 10.0.0.0/24
</directory>
/即符合规制APACHE执行限制,当时当加多一个//APACHE规制即不生效.
 
test 环境
 
+ Server: Apache/2.2.8 (CentOS)
+ Retrieved x-powered-by header: PHP/5.2.10
+ The anti-clickjacking X-Frame-Options header is not present.
+ Root page / redirects to: http://xx/?
+ Server banner has changed from ‘Apache/2.2.8 (CentOS)’ to ‘Apache/2.2.3 (CentOS)’ which may suggest a WAF, load balancer or proxy is in place

posted on 2013-08-22 21:16  =_=!  阅读(1423)  评论(0编辑  收藏  举报

导航