Skip to content

Instantly share code, notes, and snippets.

@Dan-Q
Last active Nov 23, 2022
Embed
What would you like to do?
This PHP script can be used to "proxy" content from third-party sites that block or modify their responses based on the Referer: header.
<?php
define('SECRET_PASSWORD', 'YOUR-SECRET-PASSWORD-GOES-HERE');
if($_GET['pw'] != SECRET_PASSWORD) http_response_code(403) && die();
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $_GET['url']);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_REFERER, $_GET['referer']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
$return = curl_exec($ch);
curl_close($ch);
echo $return;
@Dan-Q
Copy link
Author

Dan-Q commented Nov 23, 2022

Call it with e.g. /referer-faker.php?pw=YOUR-SECRET-PASSWORD-GOES-HERE&referer=https://example.com/the-page-youre-pretending-to-be-on&url=https://example.com/the-url-you-want-to-get.jpg.

For more details, see https://danq.me/far-side-freshrss-xpath.

Note that headers including Content-Type are not preserved. If you need those headers, including them is left as an exercise for the reader. For hints at a lazy solution, consider https://github.com/thewisenerd/spoof_referer-php/blob/master/index.php.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment