| Smalyshev added a comment. |
Nginx and Varnish already attach the X-Client-IP header to incoming requests
Yes, but we need it to be the IP of the client of Karthoterian, not the IP of the server running Karthoterian.
It would be very easy to add the requesting IP to the user-agent string.
I believe this violates multiple privacy policies we have in place.
Why do you think so? WDQS is an internal WMF service, and the webrequest logs track incoming IPs anyway. So no additional information is logged and no PII is sent out.
Therefore, Kartotherian should use http://wdqs-internal.discovery.wmnet - the internal cluster.
Not sure about that, since Kartotherian is acting as a proxy in this case - i.e. we have load generated by public requests driven by the clients everywhere, and queries written by the clients, not just internal WMF workloads with queries curated by us, as far as I can understand. I'd prefer using internal clusters only for curated queries for now, unless Kartotherian load is very small.
I would also suggest using X-Request-ID which uniquely identifies a single request.
But we do not need to uniquely identify a single request. We need to identify a client, sending multiple requests. That's the whole point of throttling.
Cc: mobrovac, MSantos, Gehel, Aklapper, MaxSem, Pnorman, Mholloway, Smalyshev, Amatissart, Lahi, Gq86, Looniverse, Lucas_Werkmeister_WMDE, GoranSMilovanovic, QZanden, EBjune, Orienteerix, merbst, LawExplorer, debt, JGirault, Jonas, phabyogi, Xmlizer, Susannaanas, lxbarth, Eevans, jkroll, Planemad, Hardikj, Wikidata-bugs, Jdouglas, aude, Tobias1984, Manybubbles, Yurik, Jdforrester-WMF, Mbch331, Jay8g
_______________________________________________ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
