why we can't allow anonymous edits


As I stated in my other thread from just now (called "Some Charts about WPD Users"), there was a problem with IP addresses.

When I asked the database for unique IPs in the recentchanges table (which contains about 26k rows),
it replied with merely 18 distinct addresses. I wondered and then it struck me.

Because we use a frontend cache (Fastly), user traffic looks like the following:
User <--> Fastly <--> WPD

This means MediaWiki doesn't see the user's IP, but the IP of a random cache from Fastly. This effectively means
we can't block IPs in case of vandalism etc., because we would block a whole bunch of users.

I don't know why I didn't think of this earlier... I guess it's because I normally don't use frontend caches.

Now, I don't know if Fastly sends X-Forwarded-For headers (it should) or if MW can handle those. We would need
a whitelist of Fastly IPs to be trusted with the XFF header and MW would then use that value as the real IP.

Another thought (which I can't confirm for now) is that this could also be a source of the session issues.

- fro

Received on Sunday, 16 December 2012 03:17:04 UTC
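
The allowlist idea from the message above, sketched as an added example (not code from the original post, from MediaWiki, or from Fastly): X-Forwarded-For is honoured only when the connecting peer is an allowlisted cache, and the chain is walked right to left so that entries a client injected itself are never believed. The CIDR ranges are documentation placeholders, and `client_ip`, `is_trusted` and `distinct_clients` are hypothetical names.

```python
import ipaddress

# Placeholder ranges from the RFC 5737 documentation blocks. They stand in for
# the cache provider's published address list and are NOT real Fastly ranges.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("192.0.2.0/24", "198.51.100.0/24")]

def is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)

def client_ip(peer_addr, xff_header):
    """Return the address that logging and blocking should use."""
    peer = ipaddress.ip_address(peer_addr)
    # Only an allowlisted cache may speak for someone else; a direct
    # connection keeps its own address whatever header it sends.
    if not is_trusted(peer) or not xff_header:
        return str(peer)
    current = peer
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Each proxy appends the address it saw, so the rightmost entries are the
    # ones written by trusted caches. Stop at the first untrusted address:
    # everything to its left was supplied by that client and may be forged.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last verified address
        current = addr
        if not is_trusted(addr):
            break
    return str(current)

def distinct_clients(rows):
    """Count unique effective client addresses in (peer, xff) pairs."""
    return len({client_ip(peer, xff) for peer, xff in rows})

# Constructed sample rows: (address the wiki saw, X-Forwarded-For value)
SAMPLE_ROWS = [
    ("192.0.2.10", "203.0.113.50"),
    ("192.0.2.10", "203.0.113.51"),
    ("198.51.100.3", "203.0.113.50"),
    ("192.0.2.10", "10.9.9.9, 203.0.113.52"),  # leftmost entry forged by client
    ("203.0.113.99", "192.0.2.10"),            # direct hit, header ignored
]
```

In the sample, three distinct peer addresses resolve to four distinct clients, and neither the forged leftmost entry nor the header on the direct connection changes the result.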