Page MenuHomePhabricator
Create Task
Maniphest T50791

XFF ranges needs updating with Opera range
Closed, ResolvedPublic
Actions

Description

Author: kwwilliams

Description:
I've discovered a large range of IPV6 addresses used by Opera that are being used as proxies for Opera browser users. When the "turbo" mode is selected, the Opera server is the one that actually accesses the website, and it sends a compressed version to the user. I've been assured by DeltaQuad and DepartmentOfRedudancyDepartment that the servers are sending valid XFF headers. I can't see any reason to believe that Opera would forge headers to falsely implicate Wikipedia editors, so we need to have the Opera servers in the range 2001:4c28::/32 configured to be "trusted" XFF servers.

As an intermediate solution, I have blocked all anonymous editing through this range on English Wikipedia.

I also invite comments on whether this is the best way to handle this. This seems to be something that any checkuser should be able to configure on a per-wiki basis. Is it, and our current batch of checkusers was never told how? Or does it actually require action at the Wikimedia software level?

Version: unspecified
Severity: enhancement

Details

Reference
bz48791

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 1:29 AM
bzimport added a project: MediaWiki-extensions-General.
bzimport set Reference to bz48791.
bzimport created this task.May 24 2013, 5:12 PM
MZMcBride added a comment.May 24 2013, 5:44 PM

I wonder if this is a MediaWiki issue or a Wikimedia issue.

Krenair added a comment.May 24 2013, 7:26 PM

Undoubtedly Wikimedia.

(In reply to comment #0)

I also invite comments on whether this is the best way to handle this. This
seems to be something that any checkuser should be able to configure on a
per-wiki basis. Is it, and our current batch of checkusers was never told
how?
Or does it actually require action at the Wikimedia software level?

No, I'm pretty sure this requires changes to the software or configuration.

Reedy added a comment.May 24 2013, 8:10 PM

(In reply to comment #2)

Undoubtedly Wikimedia.

(In reply to comment #0)

I also invite comments on whether this is the best way to handle this. This
seems to be something that any checkuser should be able to configure on a
per-wiki basis. Is it, and our current batch of checkusers was never told
how?
Or does it actually require action at the Wikimedia software level?

No, I'm pretty sure this requires changes to the software or configuration.

No.

trusted-hosts.txt in the TrustedXFF extension need updating.

Then the cdb needs updating/rebuilding and then be pushed to the cluster

For examaple:

  1. Opera Mini
  2. Source: https://list.opera.com/mailman/listinfo/net-changes-mini

37.228.104.0/21
58.67.157.0/24
59.151.95.128/25
59.151.98.128/27
59.151.106.224/27
59.151.120.32/27
80.84.1.0/24
80.239.242.0/23
82.145.208.0/20
91.203.96.0/22
116.58.209.36/27
116.58.209.128/27
141.0.8.0/21
195.189.142.0/23
203.81.19.0/24
209.170.68.0/24
217.212.226.0/24
217.212.230.0/23

bzimport added a comment.May 24 2013, 10:23 PM

kwwilliams wrote:

(In reply to comment #3)

(In reply to comment #2)

Undoubtedly Wikimedia.

(In reply to comment #0)

I also invite comments on whether this is the best way to handle this. This
seems to be something that any checkuser should be able to configure on a
per-wiki basis. Is it, and our current batch of checkusers was never told
how?
Or does it actually require action at the Wikimedia software level?

No, I'm pretty sure this requires changes to the software or configuration.

No.

trusted-hosts.txt in the TrustedXFF extension need updating.

Then the cdb needs updating/rebuilding and then be pushed to the cluster

Two "no"s in a row there, and I'm unsure whether the second no is another "no" to me or if it's a "no" to the first "no".

Who has the power to update trusted-hosts.txt, rebuild the CDB, and push it to a cluster. Is that under English Wikipedia control, or is it under centralized control?

Reedy added a comment.May 24 2013, 10:49 PM

No, it's not under English Wikipedia control. Little is.

Anyone with a gerrit account can add it to trusted-hosts.txt

A more limited group of people have the rights to approve and that change

And an even much limited group can merge that to the deployment branch, update the code on the cluster...

gerritbot added a comment.May 24 2013, 10:50 PM

Related URL: https://gerrit.wikimedia.org/r/65344 (Gerrit Change Id337b820773971559636313ad2300bbf290d9b1a)

bzimport added a comment.May 24 2013, 10:58 PM

kwwilliams wrote:

This really seems like a roundabout way to address what should be simple day-to-day maintenance. Is there a reason that the extension can't consult a locally-configured list?

MZMcBride added a comment.May 24 2013, 11:03 PM

I've updated [[m:XFF]]: https://meta.wikimedia.org/w/index.php?title=XFF_project&diff=5506192&oldid=5465496.

Mattflaschen-WMF added a comment.May 25 2013, 12:03 AM

I made a note that changes can be proposed through Gerrit.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL