403 Bypass Testbed — Nginx → Apache

https://403.brutelogic.net/access/rproxy/admin               # IP Header Trust
https://403.brutelogic.net/access/rproxy/config              # Verb Tampering (GET Blocked)
https://403.brutelogic.net/access/rproxy/internal            # Referer Trust
https://403.brutelogic.net/access/rproxy/secure              # Protocol Header Trust
https://403.brutelogic.net/access/rproxy/api/private         # Verb Tampering (PUT Required)
http://403.brutelogic.net:8081/access/rproxy/path            # Path Normalization Delta (requires direct chain)
https://403.brutelogic.net/access/rproxy/encoded             # URL Encoding Bypass
https://403.brutelogic.net/access/rproxy/rewrite             # X-Original-URL Header Trust
https://403.brutelogic.net/access/rproxy/suffix              # Path Suffix Bypass
https://403.brutelogic.net/access/rproxy/v1/resource         # API Version Prefix Bypass
https://403.brutelogic.net/access/rproxy/rewritepath         # RewriteCond Anchor Bypass
http://403.brutelogic.net:8081/access/rproxy/protocol10      # HTTP/1.0 Protocol Bypass (requires direct chain)
http://403.brutelogic.net:8081/access/rproxy/hopbyhop        # Hop-by-Hop Header Stripping (requires direct chain)

© 2026 Brute Logic — All rights reserved.