Silent mode

[jroth55]

I do not want the remote site to be able to detect a proxy visiting the site. I want it to appear to be a browser.

I've noticed certain headers are passed on to the remote site. How can I stop the following header information being passed on? HTTP_PHP_AUTH_USER, HTTP_PHP_AUTH_PW, HTTP_REFERER, HTTP_AUTHORIZATION

Thanks.

[Athlon1600]

Where have you seen these headers being sent? If you visited http://azenv.net you would see that nothing like that is being passed. Whatever headers the browser is sending to PHP-Proxy, those will be forwarded to your destination site exactly, but why would your browser be sending those in the first place? Are you on some kind of school/work computer?

[jroth55]

You are correct. Let me separate the two issues:

1. The php-proxy script is in a .htaccess protected directory which creates the HTTP_PHP_AUTH_USER, HTTP_PHP_AUTH_PW, HTTP_AUTHORIZATION headers. Therefore, how do I block these from forwarding through to the destination site?
2. The HTTP REFERER of every page visited will be the url of the php-proxy. This is not good because it shows php-proxy is being used. I would suggest HTTP_REFERER should be the previous destination site url instead, then the headers will not give away that php-proxy is making the requests.

[Athlon1600]

1. I know what you're saying, the script should probably keep a whitelist of headers that are to be passed to the destination server instead of forwarding them all. In the meantime, you could just edit HeaderRewritePlugin and add:

$event->getRequest()->headers->remove('HTTP_PHP_AUTH_USER'); $event->getRequest()->headers->remove('HTTP_PHP_AUTH_PW'); .... etc

into onBeforeRequest section. I'll probably fix this by the end of the week anyways.

2. I started working on this exact thing yesterday when I was dealing with Twitter who doesn't like fake referrers either. This will be fixed very soon.