https://bugzilla.wikimedia.org/show_bug.cgi?id=54783
Web browser: ---
Bug ID: 54783
Summary: Respect X-Forwarded-For only from trustworthy sources
Product: Analytics
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: Kraken
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected],
[email protected]
Classification: Unclassified
Mobile Platform: ---
We unconditionally respect the X-Forwarded-For header that gets fed into
kraken's machineries. Regardless of whether the client IP is a trusted one,
or it is not a trusted one. This distorts our reports/graphs.
Instead, we should only respect the X-Forwarded-For header for the client IPs
in $wgSquidServersNoPurge in wmf-config/squid.php of
operations/mediawiki-config.
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
