wh1t3p1g/bypass waf by http headers

## bypass waf by http headers
- X-forwarded-for
- X-remote-IP
- X-originating-IP
- x-remote-addr
waf通常会有一个不拦截任意请求的白名单ip，上面的几个头可以用来伪造ip
如：
X-Forwarded-For: 127.0.0.1
X-Remote-Ip: 127.0.0.1
X-Originating-Ip: 127.0.0.1
X-Remote-Addr: 127.0.0.1
参考：http://www.securityaegis.com/bypassing-web-application-firewalls-using-http-headers/
	- X-forwarded-for
	- X-remote-IP
	- X-originating-IP
	- x-remote-addr
	waf通常会有一个不拦截任意请求的白名单ip，上面的几个头可以用来伪造ip
	如：
	X-Forwarded-For: 127.0.0.1
	X-Remote-Ip: 127.0.0.1
	X-Originating-Ip: 127.0.0.1
	X-Remote-Addr: 127.0.0.1
	参考：http://www.securityaegis.com/bypassing-web-application-firewalls-using-http-headers/