-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathproxy.php
More file actions
138 lines (112 loc) · 3.61 KB
/
Copy pathproxy.php
File metadata and controls
138 lines (112 loc) · 3.61 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
<?php
/**
* Glances Proxy
* Proxies requests to Glances servers to bypass X-Frame-Options restrictions
*/
require_once 'auth.php';
// Require authentication
if (!isAuthenticated()) {
http_response_code(401);
die('Authentication required');
}
require_once 'config.php';
$SERVERS = getServers();
// Get server key
$serverKey = $_GET['server'] ?? null;
if (!$serverKey || !isset($SERVERS[$serverKey])) {
http_response_code(404);
die('Server not found');
}
$server = $SERVERS[$serverKey];
$protocol = $server['ssl'] ? 'https' : 'http';
$baseUrl = "{$protocol}://{$server['host']}:{$server['port']}";
// Get the requested path (default to root)
$path = $_GET['path'] ?? '/';
$path = ltrim($path, '/');
// Build full URL
$url = $baseUrl . '/' . $path;
// Forward query string if present
if (!empty($_SERVER['QUERY_STRING'])) {
// Remove our proxy params
parse_str($_SERVER['QUERY_STRING'], $params);
unset($params['server']);
unset($params['path']);
if (!empty($params)) {
$url .= '?' . http_build_query($params);
}
}
// Initialize cURL
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_HEADER, true);
// SSL options
if ($server['ssl']) {
configureCurlSSL($ch);
}
// Authentication if provided
if (isset($server['username']) && isset($server['password'])) {
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "{$server['username']}:{$server['password']}");
}
// Forward request method
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $_SERVER['REQUEST_METHOD']);
// Forward POST data if present
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
curl_setopt($ch, CURLOPT_POSTFIELDS, file_get_contents('php://input'));
}
// Forward headers (except Host and some others)
$headers = [];
foreach (getallheaders() as $name => $value) {
$lowerName = strtolower($name);
if (!in_array($lowerName, ['host', 'connection', 'accept-encoding'])) {
$headers[] = "$name: $value";
}
}
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
// Execute request
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$contentType = curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
if ($response === false) {
http_response_code(502);
die('Proxy error: ' . curl_error($ch));
}
// Split headers and body
$responseHeaders = substr($response, 0, $headerSize);
$responseBody = substr($response, $headerSize);
curl_close($ch);
// Parse and forward response headers
$headerLines = explode("\r\n", $responseHeaders);
foreach ($headerLines as $header) {
$header = trim($header);
if (empty($header) || strpos($header, 'HTTP/') === 0) {
continue;
}
// Skip headers that would break the proxy
$lowerHeader = strtolower($header);
if (
strpos($lowerHeader, 'x-frame-options:') === 0 ||
strpos($lowerHeader, 'content-security-policy:') === 0 ||
strpos($lowerHeader, 'transfer-encoding:') === 0 ||
strpos($lowerHeader, 'content-encoding:') === 0
) {
continue;
}
header($header);
}
// Set HTTP response code
http_response_code($httpCode);
// Modify HTML to fix relative URLs
if ($contentType && strpos($contentType, 'text/html') !== false) {
// Replace relative URLs with proxy URLs
$proxyUrl = "proxy.php?server=" . urlencode($serverKey) . "&path=";
$responseBody = preg_replace(
'/(href|src)="\/([^"]*)"/',
'$1="' . $proxyUrl . '$2"',
$responseBody
);
}
echo $responseBody;