BBlack has uploaded a new change for review.
https://gerrit.wikimedia.org/r/253474
Change subject: webrequest: remove X-Forwarded-For
......................................................................
webrequest: remove X-Forwarded-For
XFF is low-level data which is difficult to correctly interpret,
and whose interpretation changes with edge infrastructure changes.
We should instead rely on the headers we've decoded at the edge
such as X-Client-IP, X-Carrier (aka zero=), X-Real-IP,
X-Trusted-Proxy, etc, improving them if necessary.
Bug: T118557
Change-Id: I545e58ee017636cf4c75a144e1b7322802936e21
---
M modules/role/manifests/cache/kafka/webrequest.pp
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/74/253474/1
diff --git a/modules/role/manifests/cache/kafka/webrequest.pp
b/modules/role/manifests/cache/kafka/webrequest.pp
index 1eaa8fb..e3abacb 100644
--- a/modules/role/manifests/cache/kafka/webrequest.pp
+++ b/modules/role/manifests/cache/kafka/webrequest.pp
@@ -23,7 +23,7 @@
# Note: fake_tag tricks varnishkafka into allowing hardcoded string
into a JSON field.
# Hardcoding the $fqdn into hostname rather than using %l to account
for
# possible slip ups where varnish only writes the short hostname for
%l.
- format => "%{fake_tag0@hostname?${::fqdn}}x
%{@sequence!num?0}n %{%FT%T@dt}t
%{Varnish:time_firstbyte@time_firstbyte!num?0.0}x
%{Varnish:handling@cache_status}x %{@http_status}s %{@response_size!num?0}b
%{@http_method}m %{Host@uri_host}i %{@uri_path}U %{@uri_query}q
%{Content-Type@content_type}o %{Referer@referer}i
%{X-Forwarded-For@x_forwarded_for}i %{User-Agent@user_agent}i
%{Accept-Language@accept_language}i %{X-Analytics@x_analytics}o %{Range@range}i
%{X-Cache@x_cache}o %{X-Client-IP@client_ip}o",
+ format => "%{fake_tag0@hostname?${::fqdn}}x
%{@sequence!num?0}n %{%FT%T@dt}t
%{Varnish:time_firstbyte@time_firstbyte!num?0.0}x
%{Varnish:handling@cache_status}x %{@http_status}s %{@response_size!num?0}b
%{@http_method}m %{Host@uri_host}i %{@uri_path}U %{@uri_query}q
%{Content-Type@content_type}o %{Referer@referer}i %{User-Agent@user_agent}i
%{Accept-Language@accept_language}i %{X-Analytics@x_analytics}o %{Range@range}i
%{X-Cache@x_cache}o %{X-Client-IP@client_ip}o",
message_send_max_retries => 3,
# At ~6000 msgs per second, 500000 messages is over 1 minute
# of buffering, which should be more than enough.
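Review bot: in the new `format` string, removing `%{X-Forwarded-For@x_forwarded_for}i` drops the `x_forwarded_for` key from every emitted JSON record, leaving `%{X-Client-IP@client_ip}o` as the only client-address field. The commit message names X-Real-IP and X-Trusted-Proxy as the headers to rely on instead, but neither is added to the format here, so a downstream reader of `x_forwarded_for` loses the proxy-chain information and gets only `client_ip` in return. Suggest either adding those decoded headers in this same change or stating in the commit message that consumers of the field have been checked, and extending the comment block above `format` to say that `client_ip` is the edge-decoded value to use.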
--
To view, visit https://gerrit.wikimedia.org/r/253474
Gerrit-MessageType: newchange
Gerrit-Change-Id: I545e58ee017636cf4c75a144e1b7322802936e21
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <[email protected]>