Security for everyone

X-Forwarded-For 403-forbidden Bypass Fuzz & Scanner

Detect 403 forbidden endpoint bypass behind Nginx/Apache proxy & load balancers, based on X-Forwarded-For header.


Short Info




Single Scan

Can be used by

Asset Owner

Estimated Time

60 sec

Scan only one

Domain, Ipv4

Parent Category

X-Forwarded-For 403-forbidden Bypass Fuzz & Scanner Detail

The X-Forwarded-For (XFF) HTTP header field is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.

In cases where the recording mechanisms of web servers that can log HTTP headers fail to process the X-Forwarded-For header sent by the user, buffer overflow, command execution with web server rights, corruption of the file or format by entering corrupted data into the log files, etc. may be affected by security problems.

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture