[Bug 30739] New: IPv6 addresses not obtained successfully from X-Forwarded-For on Squid 3.1.15

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=30739

       Web browser: ---
             Bug #: 30739
           Summary: IPv6 addresses not obtained successfully from
                    X-Forwarded-For on Squid 3.1.15
           Product: MediaWiki
           Version: 1.19-svn
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Keywords: ipv6
          Severity: normal
          Priority: Unprioritized
         Component: User interface
        AssignedTo: wikibugs-l@lists.wikimedia.org
        ReportedBy: carlb...@hotmail.com
    Classification: Unclassified


I'm running Mediawiki 1.17 and 1.19-alpha behind a Squid 3.1.15 server. 

On what appears to be a valid configuration if the user is IPv4, MediaWiki
can't get user IPv6 addresses out of X-Forwarded-For header and into the wiki.

I've compiled the latest Squid from source and my
/usr/local/squid/etc/squid.conf looks something like:

http_port 96.45.180.93:80 vhost 
http_port [2605:ac00:f000:102:230:48ff:fece:ce12]:80 vhost 
cache_peer 127.0.0.1 parent 80 0 no-query originserver round-robin

Sure enough, if I attempt to access this box from elsewhere on the same subnet,
I can see the "remote" IPv6 address recorded in Squid's access.log:

1315105640.362    874 2605:ac00:f000:102:217:3fff:fece:e23d
TCP_MISS/301 550 GET http://oscar6/wiki/special:mypage -
ROUNDROBIN_PARENT/127.0
.0.1 text/html
1315105642.781    409 2605:ac00:f000:102:217:3fff:fece:e23d TCP_MISS/302 527
GET
 http://oscar6/wiki/Kerfiss%C3%AD%C3%B0a:Notandas%C3%AD%C3%B0a_m%C3%ADn -
ROUNDR
OBIN_PARENT/127.0.0.1 text/html
1315105644.791      0 2605:ac00:f000:102:217:3fff:fece:e23d
TCP_NEGATIVE_HIT/404
 12740 GET http://oscar6/index.php? - NONE/- text/html

but that request for [[special:mypage]] just sent me to [[user:127.0.0.1]]
instead of [[user:2605:ac00:f000:102:217:3fff:fece:e23d]]?

If I try to edit, even though I'm on an IPv6 link from some other box (Squid is
on the same box as MediaWiki, web browser is not) IPv6 anon-edits are
attributed to 127.0.0.1 (Apache's internal IPv4 address, behind the Squid 3
server) while IPv4 anon-edits are attributed correctly. CheckUser logs also
show the same pattern of all IPv6 users being "127.0.0.1" for want of XFF data.

Is there an easy way to check where the XFF is getting clobbered? I see Squid's
bugtracker lists XFF under IPv6 as having supposedly been fixed a year ago, but
I can't allow Squid 3 to monitor both IPv4/IPv6 if (for want of XFF) all the
IPv6 anon-IP activity yields in the wiki is the IPv4 address of Apache itself.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l