W3C home > Mailing lists > Public > public-webplatform@w3.org > December 2012

Re: why we can't allow anonymous edits

From: frozenice <frozenice@frozenice.de>
Date: Sun, 16 Dec 2012 19:12:26 +0100
Message-ID: <50CE0F0A.9090707@frozenice.de>
To: public-webplatform@w3.org
CC: ryan@ryandlane.com
This seems useful:
http://www.mediawiki.org/wiki/Manual:$wgSquidServersNoPurge

- fro

On 16.12.2012 04:16, frozenice wrote:
> Hi,
>
> as I stated in my other thread from just now (called "Some Charts about WPD Users"), there was a problem with IP addresses.
>
> When I asked the database for unique IPs in the recentchanges table (which contains about 26k rows),
> it replied with merely 18 distinct addresses. I wondered and then it struck me.
>
> Because we use a frontend cache (Fastly), user traffic looks like the following:
> User <--> Fastly <--> WPD
>
> This means MediaWiki doesn't see the user's IP, but the IP of a random cache from Fastly. This effectively means
> we can't block IPs in case of vandalism etc., because we would block a whole bunch of users.
>
> I don't know why I haven't thought of this earlier... I guess it's because I normally don't use frontend caches.
>
> Now, I don't know if Fastly sends X-Forwarded-For headers (it should) nor if MW can handle those. We would need
> a whitelist of Fastly IPs to be trusted with the XFF header and MW would then use that value as the real IP.
>
> Another thought (which I can't confirm for now) is, that this could also be a source of the session issues.
>
> - fro
>



Received on Sunday, 16 December 2012 18:12:58 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 8 May 2013 19:57:36 UTC