Skip to content

Instantly share code, notes, and snippets.

Last active January 16, 2023 20:08
What would you like to do?
This PHP script can be used to "proxy" content from third-party sites that block or modify their responses based on the Referer: header.
if($_GET['pw'] != SECRET_PASSWORD) http_response_code(403) && die();
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $_GET['url']);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_REFERER, $_GET['referer']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
$return = curl_exec($ch);
echo $return;
Copy link

Dan-Q commented Nov 23, 2022

Call it with e.g. /referer-faker.php?pw=YOUR-SECRET-PASSWORD-GOES-HERE&referer=

For more details, see

Note that headers including Content-Type are not preserved. If you need those headers, including them is left as an exercise for the reader. For hints at a lazy solution, consider

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment