Author: kwwilliams
Description:
I've discovered a large range of IPV6 addresses used by Opera that are being used as proxies for Opera browser users. When the "turbo" mode is selected, the Opera server is the one that actually accesses the website, and it sends a compressed version to the user. I've been assured by DeltaQuad and DepartmentOfRedudancyDepartment that the servers are sending valid XFF headers. I can't see any reason to believe that Opera would forge headers to falsely implicate Wikipedia editors, so we need to have the Opera servers in the range 2001:4c28::/32 configured to be "trusted" XFF servers.
As an intermediate solution, I have blocked all anonymous editing through this range on English Wikipedia.
I also invite comments on whether this is the best way to handle this. This seems to be something that any checkuser should be able to configure on a per-wiki basis. Is it, and our current batch of checkusers was never told how? Or does it actually require action at the Wikimedia software level?
Version: unspecified
Severity: enhancement