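/**
 * Build the header set to send downstream from the stored upstream headers.
 *
 * Works on a copy of $this->headers: adjusts Cache-Control depending on the
 * content type, rewrites Location and Set-Cookie, and drops a fixed list of
 * connection/encoding headers. Both the unfiltered and the filtered arrays
 * are passed to Log::add().
 *
 * @return array Filtered headers, keyed by header name.
 */
public function getHeaders() {
    $headers = $this->headers;

    // NOTE(review): this hands the unfiltered upstream headers, Set-Cookie
    // values included, to Log::add(). Treat the log output as sensitive
    // wherever logging is enabled.
    Log::add($headers, 'headers raw');

    // For HTML content, overwrite upstream cache conf.
    if (isset($headers['Cache-Control'])) {
        if ($this->getContentType() == $this::CONTENT_TYPE_TEXT_HTML) {
            unset($headers['Cache-Control']);
        }
    } else {
        if ($this->getContentType() == $this::CONTENT_TYPE_OTHER) {
            // max-age 1h, stale-while-revalidate 1h, stale-if-error 24h.
            $headers['Cache-Control'] = getCacheControlHeader(60 * 60, 60 * 60, 60 * 60 * 24);
        }
    }

    // If redirect, rewrite Location header.
    // NOTE(review): Location is treated as a single string here, while
    // Set-Cookie below is handled as string-or-array. Confirm upstream never
    // yields an array for Location.
    if (isset($headers['Location'])) {
        // Absolute URL: hand it to the external URL filters. The return value
        // is not used, so applyAll() presumably rewrites its argument by
        // reference (verify against its definition).
        if (parse_url($headers['Location'], PHP_URL_HOST)) {
            TextExternalUrlFilters::applyAll($headers['Location']);
        }

        // Header redirects require full URLs, with scheme and host.
        if (!parse_url($headers['Location'], PHP_URL_HOST)) {
            $headers['Location'] = RedirectWhenBlockedFull::getBaseUrl(true) . ltrim($headers['Location'], '/');
        }
    }

    // Rewrite set-cookie headers (or remove if cookies disabled).
    if (isset($headers['Set-Cookie'])) {
        if (!Conf::$cookies_enabled) {
            unset($headers['Set-Cookie']);
        } elseif (is_array($headers['Set-Cookie'])) {
            foreach ($headers['Set-Cookie'] as &$set_cookie) {
                $set_cookie = $this->getFilteredSetCookie($set_cookie);
            }
            // Break the by-reference binding. Otherwise the last element
            // stays a live reference while $headers is passed to Log::add()
            // and returned, so a write through a copy could reach it.
            unset($set_cookie);
        } else {
            $headers['Set-Cookie'] = $this->getFilteredSetCookie($headers['Set-Cookie']);
        }
    }

    // Unset some. unset() on a missing key is a no-op, so no isset() guard
    // is needed.
    $skip = array('Connection', 'Content-Encoding', 'Transfer-Encoding', 'X-Original-Content-Encoding');
    foreach ($skip as $name) {
        unset($headers[$name]);
    }

    Log::add($headers, 'headers filtered');
    return $headers;
}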
<?php
/*
 * Local configuration template.
 *
 * Modify as needed, and rename this file to conf-local.inc.
 *
 * NOTE(review): the bootstrap code shown elsewhere on this page loads
 * 'conf-local.inc.php'. Confirm which filename your checkout expects.
 */

// The main URL you want to proxy.
// Ships empty; it must be set before the proxy has an upstream to fetch from.
Conf::$default_upstream_base_url = '';

// Third party hosts which should also be proxied (eg example.com).
// NOTE(review): getUrl() answers 403 for absolute URLs that
// TextExternalUrlFilters::matchesUrl() rejects. Presumably the hosts added
// here feed that check (verify), so list only hosts you intend to relay.
TextExternalUrlFilters::addHosts(array());

// To get javascript to work you may have to manually rewrite some text.
//TextInternalUrlFilters::addSearch('search', 'replace');

// For debugging. Make sure a directory called 'log' exists and is writable.
// NOTE(review): logging is switched on by this template as shipped.
// getHeaders() passes the raw upstream headers (Set-Cookie included) and
// getUrl() passes each requested URL to Log::add(), so turn this off outside
// debugging and keep the 'log' directory from being served to clients.
Log::enable();
/**
 * Resolve the upstream URL to fetch for the current request.
 *
 * The result is kept in a function-static variable, so the resolution work
 * runs only while that variable is unset. Depending on the request this
 * method may also emit headers and terminate the script (403 or redirect).
 *
 * @return string The URL after TextExternalUrlFilters::applyReverse().
 */
public function getUrl() {
    // Function-static: the value persists across calls to this method.
    static $url;

    if (!isset($url)) {
        if (isset($_GET[RedirectWhenBlockedFull::QUERY_STRING_PARAM_NAME]) && $_GET[RedirectWhenBlockedFull::QUERY_STRING_PARAM_NAME] == Conf::OUTPUT_TYPE_APK && Conf::$apk_url) {
            // APK download: the target is the configured APK URL, not
            // anything taken from the request path.
            $url = Conf::$apk_url;

            // NOTE(review): the filename is placed in the header unquoted.
            // It derives from Conf::$apk_url (configuration), not from the
            // request.
            $filename = basename(parse_url($url, PHP_URL_PATH));
            header('Content-Disposition: attachment; filename=' . $filename);

            // Run after all other code to override other content-type header.
            register_shutdown_function(function () {
                header('Content-Type: application/vnd.android.package-archive');
            });
        } else {
            $url = RedirectWhenBlockedFull::getRequestUriWithoutQueryStringParam();
            // Return value unused; presumably edits $url by reference.
            $this->removeThisScriptDirFromUrl($url);

            if (startsWith($url, '/http://') || startsWith($url, '/https://')) {
                // The request path embeds an absolute URL; drop the leading
                // slash to recover it.
                $url = substr($url, 1);

                // Gate on which absolute targets may be fetched through this
                // script: anything matchesUrl() rejects gets a 403 and the
                // script stops.
                // NOTE(review): the match logic is not visible here, and the
                // set of reachable third-party targets depends entirely on it.
                if (!TextExternalUrlFilters::matchesUrl($url)) {
                    header('HTTP/1.0 403 Forbidden');
                    exit;
                }

                // If we for some reason have the default upstream host and scheme in the URL, remove them.
                // NOTE(review): parse_url() can return false or omit
                // 'host'/'scheme'. This relies on matchesUrl() having already
                // rejected such input. Confirm.
                $url_components = parse_url($url);
                if ($url_components['host'] == Conf::getDefaultUpstreamBaseUrlComponent('host') && $url_components['scheme'] == Conf::getDefaultUpstreamBaseUrlComponent('scheme')) {
                    // Redirect to the same path/query/fragment under this
                    // script's own base URL, then stop.
                    $new_url = http_build_path_query_fragment($url_components);
                    $new_url = RedirectWhenBlockedFull::getBaseUrl() . ltrim($new_url, '/');
                    header('Location: ' . $new_url);
                    exit;
                }

                // Use in DomUrlFilters for relative URLs.
                $base_url_suffix = rtrim(http_build_scheme_host($url), '/') . '/';
                RedirectWhenBlockedFull::setBaseUrlSuffix($base_url_suffix);
            } else {
                // Plain path request: map '/' to the configured default URL
                // (when one is set), then prefix the upstream base URL.
                if ($url == '/') {
                    if (Conf::$default_upstream_url) {
                        $url = Conf::$default_upstream_url;
                    }
                }
                // NOTE(review): this concatenation relies on $url still
                // beginning with '/', so that the request path cannot alter
                // the host portion of the upstream base URL. Confirm that
                // removeThisScriptDirFromUrl() preserves the leading slash.
                $url = Conf::$default_upstream_base_url . $url;
            }
        }
    }

    // Reverse rewrites of parameters inside URL.
    // NOTE(review): this statement and the log call sit outside the isset()
    // guard, so they run on every call against the cached static value.
    // Confirm applyReverse() is safe to apply repeatedly.
    TextExternalUrlFilters::applyReverse($url);
    Log::add($url, 'url');
    return $url;
}
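// Load the site-local configuration before anything below reads Conf.
// NOTE(review): the configuration template's header comment names
// 'conf-local.inc' as the rename target, while this line expects
// 'conf-local.inc.php'. Confirm the intended filename.
require 'conf-local.inc.php';

/**
 * Build a Cache-Control header value from three lifetimes.
 *
 * @param int $max_age                Value for the max-age directive.
 * @param int $stale_while_revalidate Value for stale-while-revalidate.
 * @param int $stale_if_error         Value for stale-if-error.
 *
 * @return string E.g. "max-age=3600, stale-while-revalidate=3600, stale-if-error=86400".
 */
function getCacheControlHeader($max_age, $stale_while_revalidate, $stale_if_error) {
    return 'max-age=' . $max_age
        . ', stale-while-revalidate=' . $stale_while_revalidate
        . ', stale-if-error=' . $stale_if_error;
}

/**
 * Return the requesting page's origin if it is one of this deployment's
 * alternative base URLs, otherwise null.
 *
 * The candidate comes from the Origin header, falling back to the
 * scheme+host of the Referer header. Both headers are client-supplied, so a
 * non-null result shows only that the value equals a configured alt base URL
 * origin. It says nothing about who sent the request.
 *
 * A positive result is cached in a function-static. A null result is not
 * (isset() is false for null), so the lookup is repeated on later calls.
 *
 * @return string|null The verified origin, or null when absent or unlisted.
 */
function getDownstreamOrigin() {
    static $downstream_origin_verified;

    if (!isset($downstream_origin_verified)) {
        $downstream_origin_verified = null;

        if (isset($_SERVER['HTTP_ORIGIN'])) {
            $downstream_origin = $_SERVER['HTTP_ORIGIN'];
        } elseif (isset($_SERVER['HTTP_REFERER'])) {
            $downstream_origin = http_build_scheme_host($_SERVER['HTTP_REFERER']);
        }

        if (isset($downstream_origin)) {
            foreach (RedirectWhenBlockedFull::getAltBaseUrls() as $alt_url_base) {
                // Strict comparison: an allow-list check should not go
                // through PHP's loose-equality type juggling.
                if ($downstream_origin === http_build_scheme_host($alt_url_base)) {
                    $downstream_origin_verified = $downstream_origin;
                    break;
                }
            }
        }
    }

    return $downstream_origin_verified;
}

// Register the alternative base URLs found in the conf directory.
RedirectWhenBlockedFull::addUrlsFromConfDir();

// The default upstream host is always among the hosts handled by the
// external URL filters.
TextExternalUrlFilters::addHost(Conf::getDefaultUpstreamBaseUrlComponent('host'));

// Attributes registered with the DOM URL filters.
DomUrlFilters::addAttribute('action');
DomUrlFilters::addAttribute('href');
DomUrlFilters::addAttribute('src');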