imagine we have this website

now let’s intercept the request

now let’s try to change the host header to the IP

and as we see we go 403 forbidden

now let’s try to supply the challenge url to the GET and see what will happen

as we see we bypassed the restriction

as we see we go redirect to the admin page

now let’s see the response in browser

now let’s intercept the request

and we solved the lab