
why we can't allow anonymous edits

From: frozenice <frozenice@frozenice.de>
Date: Sun, 16 Dec 2012 04:16:43 +0100
Message-ID: <50CD3D1B.6090706@frozenice.de>
To: public-webplatform@w3.org
CC: ryan@ryandlane.com

Hi,

As I stated in my other thread from just now (called "Some Charts about WPD Users"), there was a problem with IP addresses.

When I asked the database for unique IPs in the recentchanges table (which contains about 26k rows),
it replied with merely 18 distinct addresses. I wondered and then it struck me.

Because we use a frontend cache (Fastly), user traffic looks like the following:
User <--> Fastly <--> WPD

This means MediaWiki doesn't see the user's IP, but the IP of a random cache from Fastly. This effectively means
we can't block IPs in case of vandalism etc., because we would block a whole bunch of users.

I don't know why I haven't thought of this earlier... I guess it's because I normally don't use frontend caches.

Now, I don't know if Fastly sends X-Forwarded-For headers (it should) nor if MW can handle those. We would need
a whitelist of Fastly IPs to be trusted with the XFF header and MW would then use that value as the real IP.

Another thought (which I can't confirm for now) is that this could also be a source of the session issues.

- fro



Received on Sunday, 16 December 2012 03:17:04 UTC
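
The trusted-proxy handling of X-Forwarded-For that the message above asks for, as an added example that is not part of the original post and is not MediaWiki's or Fastly's code. The proxy ranges are constructed placeholders from documentation address space (not real Fastly ranges), and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 documentation space) standing in
# for the cache provider's published addresses; NOT real Fastly ranges.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("192.0.2.0/24", "198.51.100.0/24")]


def is_trusted(ip):
    """True when ip belongs to one of the whitelisted cache ranges."""
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, xff_header):
    """Return the address an edit (or an IP block) should be attributed to.

    remote_addr is the TCP peer; xff_header is the raw X-Forwarded-For value
    or None. The header is honoured only when the peer is a trusted cache,
    and it is read right to left: each proxy appends the peer it saw, so
    anything further left may have been supplied by the client itself.
    """
    current = ipaddress.ip_address(remote_addr)
    if not is_trusted(current) or not xff_header:
        return str(current)
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            candidate = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        current = candidate
        if not is_trusted(current):
            break  # first address not vouched for by a trusted cache
    return str(current)


def demo():
    """Resolve a few constructed requests: (TCP peer, X-Forwarded-For)."""
    requests = [
        ("203.0.113.7", "10.0.0.1"),              # direct hit, forged header
        ("192.0.2.10", "203.0.113.7"),            # one cache in front
        ("192.0.2.10", "10.9.9.9, 203.0.113.7"),  # client prepended a fake hop
        ("198.51.100.3", "203.0.113.7, 192.0.2.10"),  # two caches chained
        ("192.0.2.10", None),                     # cache sent no header
    ]
    return [client_ip(peer, xff) for peer, xff in requests]


if __name__ == "__main__":
    print(demo())
```

Without the whitelist check on the TCP peer, any client could choose the address its edits are logged under simply by sending its own X-Forwarded-For header.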
