From e1f36b9900d077f4d874f29f95f685f21ce33632 Mon Sep 17 00:00:00 2001
From: Petro1990 <petrolobanok@gmail.com>
Date: Fri, 13 Mar 2026 18:48:01 +0300
Subject: [PATCH] =?UTF-8?q?=D0=BE=D0=B1=D0=BD=D0=BE=D0=B2=D0=BB=D0=B5?=
 =?UTF-8?q?=D0=BD=D0=B8=D0=B5:=20v1.2.3=20-=20=D0=A1=D1=82=D0=B5=D0=BB?=
 =?UTF-8?q?=D1=81-=D1=80=D0=B5=D0=B6=D0=B8=D0=BC=20=D0=B4=D0=BB=D1=8F=20?=
 =?UTF-8?q?=D0=BE=D0=B1=D1=85=D0=BE=D0=B4=D0=B0=20403=20Forbidden=20(Heade?=
 =?UTF-8?q?r=20Spoofing=20&=20Cookie=20Translation)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 rproxy | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/rproxy b/rproxy
index 90ffcce..d9984e0 100644
--- a/rproxy
+++ b/rproxy
@@ -3,7 +3,7 @@
 # Публикация локальных сервисов через SSH-туннели + nginx на VPS
 # http://5.104.75.50:3000/Petro1990/rProxy
 
-VERSION="1.2.2"
+VERSION="1.2.3"
 CONF_DIR="/opt/etc/rproxy"
 CONF_FILE="$CONF_DIR/rproxy.conf"
 SERVICES_DIR="$CONF_DIR/services"
@@ -487,15 +487,22 @@ server {
         proxy_http_version 1.1;
         proxy_set_header Upgrade \$http_upgrade;
         proxy_set_header Connection "upgrade";
-        proxy_set_header Host "\$http_host";
-        proxy_set_header Origin "\$scheme://\$http_host";
-        proxy_set_header Referer "\$http_referer";
+        
+        # Стелс-режим: прикидываемся локальным запросом
+        proxy_set_header Host "$t_host";
+        proxy_set_header Origin "http://$t_host";
+        proxy_set_header Referer "http://$t_host/";
+        
         proxy_set_header X-Real-IP \$remote_addr;
         proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto \$scheme;
         proxy_set_header X-Forwarded-Host \$http_host;
         proxy_set_header X-Forwarded-Port \$server_port;
+        
+        # Трансляция куки: меняем локальный IP обратно на домен в браузере
+        proxy_cookie_domain "$t_host" "\$host";
         proxy_cookie_path / "/; SameSite=Lax";
+        
         proxy_hide_header X-Frame-Options;
         proxy_connect_timeout 60s;
         proxy_send_timeout 60s;
@@ -519,15 +526,22 @@ server {
         proxy_http_version 1.1;
         proxy_set_header Upgrade \$http_upgrade;
         proxy_set_header Connection "upgrade";
-        proxy_set_header Host "\$http_host";
-        proxy_set_header Origin "\$scheme://\$http_host";
-        proxy_set_header Referer "\$http_referer";
+        
+        # Стелс-режим: прикидываемся локальным запросом
+        proxy_set_header Host "$t_host";
+        proxy_set_header Origin "http://$t_host";
+        proxy_set_header Referer "http://$t_host/";
+
         proxy_set_header X-Real-IP \$remote_addr;
         proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto \$scheme;
         proxy_set_header X-Forwarded-Host \$http_host;
         proxy_set_header X-Forwarded-Port \$server_port;
+        
+        # Трансляция куки: меняем локальный IP обратно на домен в браузере
+        proxy_cookie_domain "$t_host" "\$host";
         proxy_cookie_path / "/; SameSite=Lax";
+        
         proxy_hide_header X-Frame-Options;
         proxy_connect_timeout 60s;
         proxy_send_timeout 60s;