I’ve been trying to make a proxy for a web-game I’ve been working on. The game’s engine demands all requests to the game’s server to be HTTPS, which I’m incapable of doing at the moment. To bypass that I’m using the proxy in the form of a php script on the web server the game’s client is hosted on. For some reason though, when the request to the proxy is made, proxy somehow tells browser that the resource it’s accessing is not on HTTPS. I’d like to avoid this behavior, but I don’t know whether it’s due to PHP or due to Apache. Proxy’s code is a basic cURL request to the game server ip, which is then simply echoed into the proxy’s page
Edit: here’s the proxy file’s code:
<?php
function curlPost($url, $data = NULL, $headers = []) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 5); //timeout in seconds
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_ENCODING, 'identity');
if (!empty($data)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
}
if (!empty($headers)) {
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
$response = curl_exec($ch);
if (curl_error($ch)) {
trigger_error('Curl Error:' . curl_error($ch));
}
curl_close($ch);
return $response;
}
echo curlPost("http://[server_ip]/" . ($_SERVER['REQUEST_METHOD'] == "POST" ? $_POST : $_GET)["resource"], json_encode($_SERVER['REQUEST_METHOD'] == "POST" ? $_POST : $_GET, JSON_FORCE_OBJECT));
Edit 2: The error browser throws is as follows:
The page at ‘https://[game_webpage]/’ was loaded over HTTPS, but
requested an insecure resource ‘http://[server_ip]’. This request has
been blocked; the content must be served over HTTPS.