既然要,肯定要有一台墙外主机。为了配合加密,以及 HTTP/HTTPS 协议代理,需要编译有 mcrypt 和 curl 的 PHP;在如今我估计这应该都属于web主机标配环境.
如果是文本数据,就加密后返回;如果非文本数据,就不加密了。返回给本地代理以第一个字符是"0" or "1"来指示接下来的数据是否经过加密。
$PASSWORD = "yourpasswordhere";
$pw_md5 = md5($PASSWORD, true);
$key = substr($pw_md5, 0, 8);
$iv = substr($pw_md5, 8, 8);
$input = file_get_contents("php://input");
$td = mcrypt_module_open('des', '', 'cbc', '');
mcrypt_generic_init($td, $key, $iv);
if (strlen($input) > 0 && $input % 8 == 0) {
$input = strip_pkcs7("des", "cbc", mdecrypt_generic($td, $input));
$req = explode("\r\n\r\n", $input, 3);
$rawreqline = explode(" ", $req[0]);
$url = parse_url($rawreqline[1]);
$_headers = explode("\r\n", trim($req[1]));
//$_headers[count($_headers)] = "X-Forwarded-For: ".$_SERVER['REMOTE_ADDR'];
if ($url["scheme"] == "http" || $url["scheme"] == "https") {
$ch = curl_init($rawreqline[1]);
/* avoid HTTP/1.1 Transfer-Encoding: chunked */
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
curl_setopt($ch, CURLOPT_HTTPHEADER, $_headers);
curl_setopt($ch, CURLOPT_HEADER, 1);
if ($url["scheme"] == "https") {
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
}
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
if ($rawreqline[0] == "POST" && count($req) == 3) {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req[2]);
}
$data = curl_exec($ch);
curl_close($ch);
}
$text_mode = "0";
$res = explode("\r\n\r\n", $data, 2);
$header = explode("\r\n", $res[0], 2); // STATUS HEADER
$headers = explode("\r\n", $header[1]);
foreach ($headers as $hline) {
$h = explode(":", $hline, 2);
$k = strtolower(trim($h[0]));
if ($k == "content-type" && strpos(strtolower(trim($h[1])), "text/") === 0) {
$text_mode = "1";
break;
}
}
if ($text_mode == "1") {
mcrypt_generic_deinit($td);
mcrypt_generic_init($td, $key, $iv);
$data = mcrypt_generic($td, padding_pkcs7("des", "cbc", $data));
}
$data = $text_mode . $data;
}
?>=$data?>