On 5 November 2013 15:25, António P. P. Almeida [email protected]
Assuming you’re using php-fpm or php-cgi you can set a param to pass that as
a server variable:
fastcgi_param HTTP_PROXY ‘http://proxy:myport’;
Then you’ll have a $_SERVER[‘HTTP_PROXY’] entry for the global $_SERVER.
I don’t think this is right, for a couple of reasons.
Firstly, some reading has suggested that there isn’t a way to force
the stock PHP HTTP request libraries to use a proxy just by setting an
envvar. Witness, for instance, the code-level changes that are
(/were?) required to get a relatively mainstream piece of s/w like WP
to work with an outbound proxy:
Secondly, the specific string mentioned would (unless I’m missing
something, which is very possible!) open a security hole: $SERVER
contains all user-specified HTTP request headers with added "HTTP"
prefixes. The method suggested, if it worked, would mean that, as a
user, I could simply provide a “Proxy: my.proxy.server.ip” header and
get all outbound HTTP traffic (for my request) proxied via my
external server. Thereby exposing internal information such as 3rd
party API passwords, internal HTTP API call details, etc etc.
Again, I may be missing something with either of these points but,
obviously, I don’t see what it might be!