Skip to content

Instantly share code, notes, and snippets.

Last active Nov 23, 2022
What would you like to do?
This PHP script can be used to "proxy" content from third-party sites that block or modify their responses based on the Referer: header.
if($_GET['pw'] != SECRET_PASSWORD) http_response_code(403) && die();
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $_GET['url']);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_REFERER, $_GET['referer']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
$return = curl_exec($ch);
echo $return;
Copy link

Dan-Q commented Nov 23, 2022

Call it with e.g. /referer-faker.php?pw=YOUR-SECRET-PASSWORD-GOES-HERE&referer=

For more details, see

Note that headers including Content-Type are not preserved. If you need those headers, including them is left as an exercise for the reader. For hints at a lazy solution, consider

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment