jenkins-bot has submitted this change and it was merged.
Change subject: Proposed configuration for wgSecureLogin
......................................................................
Proposed configuration for wgSecureLogin
To go with Iaa9dd210. Blacklist China and Iran since those are the two
places where HTTPS seems to be blocked. I am not convinced by the
measurement methodology suggesting more places should be blacklisted --
it seems to be measuring network latency rather than the ability to use
HTTPS.
Change-Id: Ia125ec5099a2c8b4d7c1b4d274e28db64f0aaa05
---
M wmf-config/CommonSettings.php
M wmf-config/InitialiseSettings.php
2 files changed, 23 insertions(+), 0 deletions(-)
Approvals:
Demon: Looks good to me, approved
MaxSem: Looks good to me, but someone else must approve
jenkins-bot: Verified
diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php
index f715e52..beb3fea 100644
--- a/wmf-config/CommonSettings.php
+++ b/wmf-config/CommonSettings.php
@@ -1110,6 +1110,24 @@
$wgServer = preg_replace( '/^http:/', 'https:', $wgServer );
}
+// Disable redirects to HTTPS for clients in some countries
+$wgHooks['CanIPUseHTTPS'][] = 'wmfCanIPUseHTTPS';
+function wmfCanIPUseHTTPS( $ip, &$canDo ) {
+ if ( !function_exists( 'geoip_country_code_by_name' ) ) {
+ return true;
+ }
+ // geoip_country_code_by_name() gives a warning for IPv6 addresses,
possibly does DNS resolution
+ if ( !IP::isIPv4( $ip ) ) {
+ return true;
+ }
+
+ $country = geoip_country_code_by_name( $ip );
+ if ( in_array( $country, $wmgHTTPSBlacklistCountries ) ) {
+ $canDo = false;
+ }
+ return true;
+}
+
if ( isset( $_REQUEST['captchabypass'] ) && $_REQUEST['captchabypass'] ==
$wmgCaptchaPassword ) {
$wmgEnableCaptcha = false;
}
diff --git a/wmf-config/InitialiseSettings.php
b/wmf-config/InitialiseSettings.php
index 3da5c54..e92549f 100644
--- a/wmf-config/InitialiseSettings.php
+++ b/wmf-config/InitialiseSettings.php
@@ -12645,6 +12645,11 @@
'foundationwiki' => '!^https?://(www\.)?wikimediafoundation\.org/!',
),
+'wmgHTTPSBlacklistCountries' => array(
+ 'CN', // China
+ 'IR', // Iran
+),
+
);
--
To view, visit https://gerrit.wikimedia.org/r/80175
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ia125ec5099a2c8b4d7c1b4d274e28db64f0aaa05
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: Tim Starling <[email protected]>
Gerrit-Reviewer: Demon <[email protected]>
Gerrit-Reviewer: MaxSem <[email protected]>
Gerrit-Reviewer: Tim Starling <[email protected]>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
