Page MenuHomePhabricator
Create Task
Maniphest T8161

Add proxies to trusted X-Forwarded-For list
Closed, ResolvedPublic
Actions

Description

Author: walter

Description:
The following is a very serious problem for the users of the Dutch language Wikipedia;

There is a ISP with many users that is offering a filter-service. A service to censor the internet,
to keep erotic website and so out. This means that all traffic goes throe a range of transparent
proxies.

And so has those users for Wikipedia only a small range of ipadresses. And are those users mostly
always blocked because of the vandalism by other users of that ISP. And because bug 550 is not fixt
we can not do anything about that.

The helpdesk of this ISP (Filternet) explained that the support the HTTP_X_FORWARDED_FOR header
that contains the real ip address of a user of there network.

And that we, as Wikipedia could use that header for blocking users.

Can this be done?

It is for the ipadresses;
From
http://nl.wikipedia.org/wiki/Overleg_gebruiker:212.45.32.211
to
http://nl.wikipedia.org/wiki/Overleg_gebruiker:212.45.32.224

Version: unspecified
Severity: enhancement
URL: http://nl.wikipedia.org/wiki/Overleg_gebruiker:212.45.32.211

Details

Reference
bz6161

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:19 PM
bzimport added projects: WMF-General-or-Unknown, Shell.
bzimport set Reference to bz6161.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Jun 1 2006, 1:15 PM
bzimport added a comment.Jun 1 2006, 2:15 PM

robchur wrote:

See http://meta.wikimedia.org/wiki/XFF_project#Trusted_XFF_list.

bzimport added a comment.Jun 1 2006, 2:30 PM

walter wrote:

(In reply to comment #1)

See http://meta.wikimedia.org/wiki/XFF_project#Trusted_XFF_list.

Yes, but it says to contact Tim Starling about this to get them on that list. I have asked him on
the 4th of April, 26th of April and 22 May but I get no reply.

bzimport added a comment.Jun 1 2006, 2:42 PM

robchur wrote:

Well, he's a busy bloke. Have you considered asking other system admins who
might be in the know about it?

bzimport added a comment.Jun 1 2006, 4:43 PM

walter wrote:

(In reply to comment #3)

Well, he's a busy bloke. Have you considered asking other system admins who
might be in the know about it?

That why I have made this ticket to try to get there attention. I will wait a
week or two. After that I will try wikitech-l and #wikimedia-tech.

tstarling added a comment.Jun 4 2006, 7:40 PM

212.45.32.224 has no reverse DNS, that's why I didn't add it.

bzimport added a comment.Jun 4 2006, 10:09 PM

walter wrote:

212.45.32.210 to 212.45.32.220 do resolve

hashar added a comment.Jun 8 2006, 8:13 PM

They do resolve now (checked on zwinger):

$ for i in 10 11 12 13 14 15 16 17 18 19 20; do

echo "PTR for 212.45.32.2$i:" ;
dig +short -x 212.45.32.2$i ;
done ;

PTR for 212.45.32.210:
filter.solcon.nl.
PTR for 212.45.32.211:
filter01.solcon.nl.
PTR for 212.45.32.212:
filter02.solcon.nl.
PTR for 212.45.32.213:
filter03.solcon.nl.
PTR for 212.45.32.214:
filter04.solcon.nl.
PTR for 212.45.32.215:
filter05.solcon.nl.
PTR for 212.45.32.216:
filter06.solcon.nl.
PTR for 212.45.32.217:
filter07.solcon.nl.
PTR for 212.45.32.218:
filter08.solcon.nl.
PTR for 212.45.32.219:
filter09.solcon.nl.
PTR for 212.45.32.220:
filter10.solcon.nl.
$

I edited our settings. Will be live soon.

hashar added a comment.Jun 8 2006, 8:17 PM

Synced on live :)

Gave a warning in #wikipedia-nl

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL