[MediaWiki-commits] [Gerrit] Proposed configuration for wgSecureLogin - change (operations/mediawiki-config)

Wed, 21 Aug 2013 00:06:50 -0700 

Tim Starling has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/80175


Change subject: Proposed configuration for wgSecureLogin
......................................................................

Proposed configuration for wgSecureLogin

To go with Iaa9dd210. Blacklist China and Iran since those are the two
places where HTTPS seems to be blocked. I am not convinced by the
measurement methodology suggesting more places should be blacklisted --
it seems to be measuring network latency rather than the ability to use
HTTPS.

Change-Id: Ia125ec5099a2c8b4d7c1b4d274e28db64f0aaa05
---
M wmf-config/CommonSettings.php
M wmf-config/InitialiseSettings.php
2 files changed, 23 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/75/80175/1

diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php
index f715e52..beb3fea 100644
--- a/wmf-config/CommonSettings.php
+++ b/wmf-config/CommonSettings.php
@@ -1110,6 +1110,24 @@
        $wgServer = preg_replace( '/^http:/', 'https:', $wgServer );
 }
 
+// Disable redirects to HTTPS for clients in some countries
+$wgHooks['CanIPUseHTTPS'][] = 'wmfCanIPUseHTTPS';
+function wmfCanIPUseHTTPS( $ip, &$canDo ) {
+       if ( !function_exists( 'geoip_country_code_by_name' ) ) {
+               return true;
+       }
+       // geoip_country_code_by_name() gives a warning for IPv6 addresses, 
possibly does DNS resolution
+       if ( !IP::isIPv4( $ip ) ) {
+               return true;
+       }
+
+       $country = geoip_country_code_by_name( $ip );
+       if ( in_array( $country, $wmgHTTPSBlacklistCountries ) ) {
+               $canDo = false;
+       }
+       return true;
+}
+
 if ( isset( $_REQUEST['captchabypass'] ) && $_REQUEST['captchabypass'] == 
$wmgCaptchaPassword ) {
        $wmgEnableCaptcha = false;
 }
diff --git a/wmf-config/InitialiseSettings.php 
b/wmf-config/InitialiseSettings.php
index 3da5c54..e92549f 100644
--- a/wmf-config/InitialiseSettings.php
+++ b/wmf-config/InitialiseSettings.php
@@ -12645,6 +12645,11 @@
     'foundationwiki' => '!^https?://(www\.)?wikimediafoundation\.org/!',
 ),
 
+'wmgHTTPSBlacklistCountries' => array(
+       'CN', // China
+       'IR', // Iran
+),
+
 );
 
 

-- 
To view, visit https://gerrit.wikimedia.org/r/80175
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia125ec5099a2c8b4d7c1b4d274e28db64f0aaa05
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: Tim Starling <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to