Make sure we do not proxify our own proxy URL

Athlon1600 / php-proxy

A web proxy script written in PHP and built as an alternative to Glype.

https://www.php-proxy.com

MIT License

298 stars 158 forks source link

Make sure we do not proxify our own proxy URL #44

Closed webaddicto closed 7 years ago

webaddicto commented 7 years ago

Inside function proxify_url($url, $base_url = '') we make sure that: 1) The proxy cannot proxify "itself". 2) Allow only http, https, ftp in scheme on $url. 3) Not proxify localhost and internal IP addresses.

Good improvements for security reasons.

webaddicto commented 7 years ago

This can be closed, I made a simple SecurityPlugin and submitted the PR here: https://github.com/Athlon1600/php-proxy-plugin-bundle/pull/2