Page MenuHomePhabricator
Create Task
Maniphest T36288

Allow blocking private (internal) IPs passed by X-Forwarded-For
Open, MediumPublicFeature
Actions

Description

This is an import of the feature request at http://meta.wikimedia.org/wiki/XFF_project/RFC_1918.

Some proxies pass an X-Forwarded-For header with an internal IP as value. If we could block the combination of internal and external (e.g. 10.1.0.0/16 via 62.171.194.4), that would allow us to target particular computers without blocking the whole proxy.

There are several known proxies this applies to (listed at URL above), and probably many more unknown. Several are schools. Those alone would provide a significant benefit,

Version: unspecified
Severity: enhancement
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=23343

Details

Reference
bz34288

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 12:16 AM
bzimport added a project: MediaWiki-User-management.
bzimport set Reference to bz34288.
bzimport added a subscriber: Unknown Object (MLST).
Mattflaschen-WMF created this task.Feb 9 2012, 5:13 AM
Mattflaschen-WMF added a comment.Mar 29 2013, 8:41 PM

Jasper Deng noted at bug 23343 that this feature could also be useful for [[carrier-grade NAT]]:

"I'd like to add (from the above dup) that it would be useful, especially for
networks using carrier-grade NAT, that we should be able to also base blocks
off of both public-facing and (private) IPs behind, such as blocking
"206.34.7.1/16/xff:10.6.0.0/16" or "206.6.1.8/xff:192.168.2.0/24"."

mxn subscribed.Nov 24 2014, 8:54 PM
TerraCodes subscribed.May 3 2017, 3:51 AM
Krinkle moved this task from Backlog to User blocking on the MediaWiki-User-management board.May 7 2017, 11:49 PM
DannyS712 edited projects, added MediaWiki-Blocks; removed MediaWiki-User-management.Apr 25 2020, 12:13 AM
Restricted Application added a project: MediaWiki-User-management. · View Herald TranscriptApr 25 2020, 12:13 AM
JJMC89 removed a project: MediaWiki-User-management.Apr 25 2020, 6:35 PM
Aklapper changed the subtype of this task from "Task" to "Feature Request".Feb 4 2022, 12:24 PM
Aklapper removed subscribers: Mattflaschen-WMF, wikibugs-l-list.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL