Proxy fails when accessing website on CloudFlare

[hansng7]

I get error message "DNS points to prohibited IP" when trying to access to websites on CloudFlare.

Source:

• https://support.cloudflare.com/hc/en-us/articles/200171826-Error-1002-DNS-points-to-Prohibited-IP
• https://github.com/technoboy10/crossorigin.me/issues/89

[BelleNottelling]

Solution found in one of my branches. Add this in the additional cURL options, //Atempt to report the users real IP (fixes security message on Facebook) curl_setopt($ch, CURLOPT_HTTPHEADER, array("X-Forwarded-For: $ip")); Or use my branch and create a config file for the domain that uses cloudflare and use the same bit of code in it. https://github.com/BenNottelling/miniProxy/tree/ConfigCookies

[joshdick]

I have added an $anonymize setting to miniProxy in 0a059c0 to control sending an x-forwarded-for header.

I tried loading a CloudFlare-hosted site (medium.com) and it loaded just fine even with $anonymize = true;, so I'm not sure whether it really solves the issue?

[BelleNottelling]

I only noticed it when both the host and the website I'm trying to connect to were both on cloudflare

[BelleNottelling]

Can been seen here: http://www.bennottelling.ml/index.php?medium.com (I was writing code to check for cloudflare and then correct for it, just to explain that error)

[joshdick]

I had only tried loading the front page earlier, I see that Medium articles accessed at custom domains do indeed have problems.

I suspect this is actually a problem with the Origin header sent by miniProxy.

[joshdick]

Just pushed 7ddde300581fef6d3710d36918ade16dde124552 which may help with this issue by attempting to correctly rewrite the Origin header.

[BelleNottelling]

@joshdick Issue is still happening with 7ddde30

[daiaji]

@joshdick The problem seems to be in the http://tw.gigacircle.com/3671117-1

[ghost]

i fixed this in a different proxy script by removing cloudflares headers and setting a X-Fowarded-for header

[ariesclark]

Any information regarding this problem? I don't see a solution other then disabling anonymize.

Edit: Disabling anonymize changes nothing, problem persists.

[BelleNottelling]

@RubyTheRose yeah, it doesn't help. Try doing what @ash121121 suggested

[ghost]

ive not looked into fixing this for miniproxy but for PHP-PROXY i created a plugin and used the code below. im setting the xforwarded-for header and clearing cloudflares headers.

<?php

use Proxy\Plugin\AbstractPlugin;
use Proxy\Event\ProxyEvent;

class CloudflarePlugin extends AbstractPlugin {

    protected $cloudflareHeaders = array();

    public function onBeforeRequest(ProxyEvent $event){
        $event['request']->headers->set('X-Forwarded-For', $_SERVER["HTTP_CF_CONNECTING_IP"]);
        // clear Cloudflare headers
        $event['request']->headers->remove('Cf-Ray');
        $event['request']->headers->remove('Cf-Ipcountry');
        $event['request']->headers->remove('Cf-Visitor');
        $event['request']->headers->remove('Cf-Connecting-Ip');
    }
}

[joshdick]

After the today's activity on this issue, I took another look.

Since I don't use CloudFlare, the only way I know how to reproduce this is by trying to load a Medium blog with a custom domain (which, by the way, are being deprecated), like https://blog.twitch.tv.

It looks like the following sequence happens:

1) The proxy attempts to load https://blog.twitch.tv and is 302-redirected to https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.twitch.tv%2F 2) The redirected-to page attempts to set some cookies and redirect again to the original blog with some sort of tracking parameter appended (probably correlated with whatever cookies were set) https://blog.twitch.tv/?gi=c9c9d39ceff 3) The 2nd redirected-to page attempts to redirect back to https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.twitch.tv%2F instead of actually loading the content, probably because the cookies are missing

Steps 2-3 keep looping until the browser detects a redirect loop.

I tried loading the page using miniProxy's cookie support branch but didn't get anywhere useful with that either.

If someone can share a way to reproduce this issue without needing to run miniProxy on CloudFlare itself, I can look into it further.