I recently tried to follow this link and was met with the equivalent of a 403!
I was like, “I’m not having that!” and was about to turn on my VPN when I thought, “my webserver’s located in the states, why not just make a proxy?”
So I did a very, very, simple web proxy…
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>BTK's Web Proxy</title>
</head>
<body>
<div style="text-align:center;">
<form method="GET" action="<?=$_SERVER['REQUEST_URI']?>">
<input type="url" name="url" placeholder="Type URL of site"/><input type="submit" Value="Load url" />
</form>
</div>
<hr/>
<?php
$url = $_GET['url'];
if (!empty($url))
{
// check we're only getting files served by a website (i.e. not ../../../passwords.txt from this server etc.)
if(preg_match('/^https?:/i', $url))
{
$contents = file_get_contents($url);
if($contents === FALSE)
{
echo "<h2>Sorry <pre>{$url}</pre> cannot be read</h2>\n";
}
//display contents of url
else
{ ?>
<?=$contents?>
<script>for (var i=0; i<document.links.length; i++) document.links[i].href="<?=$_SERVER['PHP_SELF']?>?url="+document.links[i].href;</script>
<?php }
}
else
{
echo "<h2><pre>$url</pre> is an invalid URL</h2>\n";
}
}
?>
</body>
</html>
Essentially this is a form that takes an url and displays the contents of the url. Using html5 we have the input type of “url” which handles our validating, though as this is down to the support of the client(non-supporting clients render this as a type=”text” field and do no validation) we have some validation on the server too. There’s also nothing to stop someone just editing the page URL in their address bar to try to access a local file etc.
So now I can see the restricted content. Result!
I added a little javascript for ease to rewrite all the links, so you can click through and have the pages parsed by the web proxy.
Loading tweets...
billy