Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Laravel News:
Laravel 5.5 Now Includes TrustedProxy
Sep 15, 2017 @ 11:07:03

On the Laravel News site there's a new post about a feature introduced in version 5.5 of the popular PHP framework: a proxy that's included by default as a part of the TrustedProxy feature.

Laravel v5.5 was released just a week ago at Laracon EU. You may have noticed that the v5.5 composer.json file requires the similar functionality Symfony has).

tagged: laravel proxy package feature cloudflare tutorial framework

Link: https://laravel-news.com/trusted-proxy

David Lundgren:
The allure of static proxies
Mar 02, 2017 @ 10:52:47

David Lundgren has a post to his site talking about the allure of static proxies in your development and some of his own experiences using them in his own code (and in using Laravel).

Several weeks ago I started playing with Laravel. Primarily because several colleagues are using it, and have suggested that I take a look at it. During my time reviewing how to build a view template I came across references to Html, Form, View and other static calls. Initially I was not impressed due to the use of so many static calls. I have come to an understanding about how static calls in certain circumstances can actually enhance code readability.

He talks about how static calls have been considered an anti-pattern for a long time due to difficulty testing and tight coupling issues. That being said, he did start to see the value in using them in certain situations, how his use relates to the proxy design pattern and some of his own conclusions about using static calls.

tagged: allure static proxy opinion laravel facade cleancode

Link: http://davidscode.com/blog/2017/02/27/the-allure-of-static-proxies/

Community News:
HTTPoxy Vulnerability Announcement
Jul 19, 2016 @ 12:40:10

Recently a major security vulnerability was announced centering around the the HTTP "Proxy" header and how incorrect handling could result in major issues with external requests. In the PHP ecosystem, a major HTTP library - Guzzle - was vulnerable (along with any application using it). However, according to Michael Dowling, a lead developer on the project, a new release has already been made to correct the problem.

httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict [between the "Proxy" and "HTTP_Proxy" headers]. This leads to a remotely exploitable vulnerability. If you’re running PHP or CGI, you should block the Proxy header now. Here’s how.

The main HTTPoxy site as more information about how you can test to see if your application is vulnerable and what software/server configurations are typically vulnerable. There's also more language-specific information on the page as well as some immediate mitigations for various web server types.

tagged: httpoxy http proxy header vulnerability announcement guzzle webserver

Link: https://httpoxy.org/

Proxying with PHP in Ubuntu 14.04 (Apache 2.4, PHP 5.4+)
Jan 21, 2016 @ 10:46:38

The ProDevTips.com site has a tutorial posted showing you how to proxy requests with PHP on Ubuntu using Apache 2.4 and PHP version 5.4 or later.

I’ve just had to evade a Russian block of one of my employer’s sites, let’s call it CasinoX. Presumably they had blocked both www.casinox.com and www.casinox.com’s IP address (which is a Cloud Flare IP btw).

Simply pointing ru.casinox.com to the real IP address of www.casinox.com’s server was a not a viable solution though as that would expose the real IP publicly which is a no-go in the online casino business as it is basically an invitation to be DDoS’ed.

The solution they came up with was to set up a server that operates as a proxy and sends all traffic to the actual web server, save the assets (images, Javascript files, etc). They include the changes you'll need to the .htaccess configuration on the proxy server to forward the requests. Then they show the updated version of your virtual hosts configuration to match these changes. From there the rest of the handling lives in PHP. They include the code for the index.php proxy handling, a Proxy class that makes curl requests to the actual web server and an ip_in_range function to get the actual IP of the user/client making the request.

tagged: proxy server apache webserver tutorial htaccess virtualhost

Link: http://www.prodevtips.com/2016/01/16/proxying-with-php-in-ubuntu-1404-apache-24-php-54/

Snack Overflow:
Unit testing static calls without refactoring the world in php
Feb 27, 2015 @ 11:55:06

The "Snack Overflow" blog (from tech.graze.com) has a recent post sharing some suggestions to help unit test static calls without having to "refactor the world" away from them.

Imagine you have a situation [using a static method call] in some legacy code. Currently we can't unit test this as we can't mock out the doSomethingElse() call. So what do we do? Well we have two options really [...] neither of which is very appealing. [...] There is, however, a third option that gains us the ability to unit test Foo without having to touch Bar at all.

This option involves creating a "proxy" object of the "Bar" class that's non-static and only returns the result of the previous class' static method. You can then correctly mock that class and return the result in a more self-contained way. He lists a few caveats with this method including the fact that it could lead to a lot of proxy objects if there are a lot of static methods to replicate.

tagged: unittest static method refactor proxy object mock tutorial

Link: http://tech.graze.com/2015/02/26/unit-testing-static-calls-without-refactoring-the-world-in-php/

SitePoint PHP Blog:
Personal Packagist with Toran Proxy
Sep 09, 2014 @ 11:43:43

In a recent tutorial to on the SitePoint PHP blog, Alexander Cogneau shows you how to create a personal Packagist (the repository for Composer packages) using the Toran proxy.

Most of you reading this already know Composer. For those who don’t, you can read a previous article of mine before continuing. We can all agree that Composer has brought many good things into the PHP world. If one dares however to look for drawbacks, or better put, not included features, he could state that it is not possible to work with private repositories. That argument won’t hold anymore, since there is Toran Proxy.

He calls this the "end of the Satis era", replacing the Packagist clone that mirrors the packages locally rather than pulling them right from GitHub. Using the Toran proxy, he walks you through the setup of the proxy and using the wizard to complete the configuration. There's a personal use license for Toran that allows for one developer but after that you'd need to upgrade to the yearly/per developer pricing structure.

tagged: toran proxy packagist tutorial setup configure

Link: http://www.sitepoint.com/personal-packagist-toran-proxy/

The PHP.cc Blog:
PHPUnit 4.0: Test Proxies
Mar 12, 2014 @ 10:13:08

On thePHP.cc blog today there's another post looking at an improvement in the latest release of the popular PHP unit testing tool, PHPUnit 4.0.0. In the post Sebastian Bergmann looks at test proxies.

One of the highlights of PHPUnit 4.0, which was released last week, is improved support for integration testing through so-called test proxies. [...] PHPUnit has had built-in support for stubs and mocks for quite some time. These stubs and mocks can be used in every context where an object of the original class is expected. As it should be, the code of the original class is not executed when a method is called on the stub or mock. [...] PHPUnit 4.0 introduces the concept of test proxies [...] to have an object that provides the same API for expectations as a mock object while at the same time proxying method calls to the original class.

He includes some code examples to help illustrate. He creates a "SimpleWorkflow" class and shows how to test the execution of its "doWork" function to return the correct kind of "Result".

tagged: phpunit test proxy unittest introduction release

Link: http://thephp.cc/viewpoints/blog/2014/03/phpunit-4-0-test-proxies

Chris Hartjes:
The Power of the BrowserProxyMob
Nov 19, 2013 @ 10:49:38

In this new post to his site Chris Hartjes shares a tool he's found to help with automated front-end testing for web applications - BrowserMobProxy

At work I have been involved with an effort to put some automated front-end testing in place. The combination of Behat, Mink running tests using PhantomJS is a good one for this. Open source, easy to configure, handles JavaScript-heavy pages reasonably well. There was just one wrinkle in our plans: our use of local host files. [...] So clearly what was needed [to solve a hosts file switching issue] was a proxy. After doing a little bit of digging around I found a solution: BrowserMobProxy.

He briefly introduces the tool and helps you get it installed (as well as the library you'll need to interface with the proxy). His library hooks into a running PhantomJS instance and the BrowserMobProxy, generates the right hosts file (not included) and continues on with the tests.

tagged: browserproxymob proxy http request phantonjs unittest behat mink

Link: http://www.littlehart.net/atthekeyboard/2013/11/18/the-power-of-the-browserproxymob/

Getting Started with Varnish
Jan 22, 2013 @ 10:37:17

On PHPMaster.com today there's a new tutorial that can help you increase the performance of your application relatively painlessly with the help of the Varnish proxy tool. The article helps you get started.

Varnish is a reverse proxy server; it sits in front of your web server and serves content from your server and no one else’s. Reverse proxy servers are tightly coupled to the web server and can act on messages received from it. [...] Simply put, Varnish does one thing: serve web content super fast.

You'll need command line access to the machine (as well as permissions to install the software) but getting it installed is a simple "apt-get" away. There's a bit of configuration to set up to get it up and working, but it's only a few lines...and examples are included in the tutorial. They get into some of the more advanced configuration options too, like the time-to-live and changing the port it listens on. Varnish isn't just for PHP applications either - it can be used effectively for any kind of web application as it's just a proxy layer that sits on top and waits for requests.

tagged: varnish tutorial application cache reverse proxy


Shashikant Jagtap:
Automating Web Performance Data Collection with Behat and BrowserMob Proxy
Oct 31, 2012 @ 10:19:40

Shashikant Jagtap has Behat TDD testing tool and the BrowserMob-Proxy to make an automated system that collects performance data on your applications (including load time, recording headers and simulations of network traffic and latency).

BrowserMob Proxy is a utility which is used for capuring HTTP traffic and performance data from the browser. BrowserMob-Proxy adds in essential missing capabilities such as checking HTTP status codes and injecting headers for HTTP Basic Auth. Web Perfomance data can be manually captured by other tools like Firebug or Developers Tools. Using BrowserMob Proxy we can capture perfonace data in HAR format while running automated tests.

He includes the commands you'll need to set up the PHP interface for BrowserMob (PHPBrowserMob) the proxy itself and a sample test and context file that runs some checks against Facebook.

tagged: behat tdd testing functional browsermob proxy performance data