I get the 200 status on Chrome and Firefox. Can you provide some more information?

@wassan.anmol117, basically, that's all the info I got for now. But I will dig again and see if I can find anything. Is there a particular type of information that you need? That might help me find something :).

@wassan.anmol117: If "more information" is needed, please always describe how to actually provide more information.

Alright, @D3r1ck01 I need to dig too for the information. :)
I think this has to do something with https://gerrit.wikimedia.org/r/#/c/363264/ if it has happened all of a sudden. Can you please tell me your ISP and country from where you tried to access the image?

I will take care of it in future. Thank you, @Aklapper :)

Yes @wassan.anmol117, currently in Cameroon and my ISP is Orange Cameron. Thanks.

Any updates on this? I can't still see images. Currently, this is what I see;

Images are not showing which is not a nice feeling as there are tickets I can't work on since they contain images :(.

Also, I noticed that my edits on some wikis are tagged "Wikipedia Zero edit" which is not true as I am using a paid data plan. Please can someone look into this?

Something's definitely awry. Orange Cameroon has not been an active Zero partner since March 2016. I'm looking into it.

I was able to reproduce this, and I think @wassan.anmol117 is correct that this is caused by https://gerrit.wikimedia.org/r/#/c/363264/. In Varnish we internally mark up requests in Zero IP ranges with X-CS headers. The patch blocks requests marked up with this header from requesting uploaded files from Phabricator. The problem (if I'm correct) is that the X-CS markup is applied without regard to whether or not a carrier is a currently active Zero participant. (It's up to clients to determine whether the carrier referred to in a Zero header is active before displaying Zero chrome.)

To make a long story short, I think we're currently inadvertently blocking users in inactive Zero IP ranges from accessing Phab file uploads.

In T173537#3886490, @Mholloway wrote:

The problem (if I'm correct) is that the X-CS markup is applied without regard to whether or not a carrier is a currently active Zero participant.

Do you know of a programmatic way that could reliably determine if a visitor is from a carrier that is an active Zero participant?

I think this issue may be affecting @Zoranzoki21 who reported this on irc. He says his ip provider does not do wikipedia zero but images are blocked for him too.

In T173537#3886549, @Paladox wrote:

I think this issue may be affecting @Zoranzoki21 who reported this on irc.

Not only, also in T183980. (Which might turn out to be a duplicate?)

In T173537#3886714, @Aklapper wrote:

In T173537#3886549, @Paladox wrote:

I think this issue may be affecting @Zoranzoki21 who reported this on irc.

Not only, also in T183980. (Which might turn out to be a duplicate?)

Telenor Serbia is an active Zero partner; unfortunately for that user, the patch is working as intended in that case.

@Mholloway thanks.

As for T173537#3886490, I believe that configured carrier IPs are consolidated for Varnish in https://github.com/wikimedia/mediawiki-extensions-ZeroPortal/blob/master/includes/ApiZeroPortal.php and that the logic there could be updated to exclude disabled carriers. (+@dr0ptp4kt for a sanity check).

In T173537#3886730, @Mholloway wrote:

In T173537#3886714, @Aklapper wrote:

In T173537#3886549, @Paladox wrote:

I think this issue may be affecting @Zoranzoki21 who reported this on irc.

Not only, also in T183980. (Which might turn out to be a duplicate?)

Telenor Serbia is an active Zero partner; unfortunately for that user, the patch is working as intended in that case.

Orion Telekom (oriontelekom.rs) is not partner with wmf and no use your proxy. How and there no work?

P. S. IP range which I had there is not included in black list.

To provide some extra information: header enrichment is done on connections with inactivated operators, as well as of course active operators, on Wikipedia Zero. On truly inactive operators, the simplest idea I've had is to to update the config of each operator, making the IP list for a given operator contain one improbable IPv6 address only. Updates of this nature would in effect would make the tagging go away. IP address updates in the configuration system for Wikipedia Zero in general should be done by @DFoy or with his blessing.

As far as ways for users to identify the tagging disposition, @Mholloway please let me know if this is or isn't your observation...but...they can go to the following URL:

https://en.wikipedia.org/w/api.php?action=zeroconfig&type=config

If it returns an empty {} JSON object then the client IP wasn't detected as in a Wikipedia Zero configuration. If it returns a JSON object that contains the enabled key with a true value, then they're deemed to be on an active Wikipedia Zero operator. If it returns a JSON object contains an enabled key without the value of true (e.g., {"enabled":"",), then they're on an operator for which the configuration is inactivated.

In the case of either an active or inactivated configuration for a given operator as manifested in the JSON response, the id field gives a sense of the MCC-MNC code of the operator as entered into the configuration system. If someone filing a bug can share the source IP address (a what's my ip address in a search engine like Google will report back an IP) and the observed MCC-MNC code for the given user's access at that moment in time, that information can be helpful for identification of operator configurations potentially needing treatment.

In T173537#3887607, @dr0ptp4kt wrote:

As far as ways for users to identify the tagging disposition, @Mholloway please let me know if this is or isn't your observation...but...they can go to the following URL:

https://en.wikipedia.org/w/api.php?action=zeroconfig&type=config

I'll test this again to be 100% sure, but unfortunately if memory serves (and as the source suggests) I believe an empty JSON object is also returned in the case of an existing but disabled carrier config. The fields are only populated if the config exists and is enabled.

Thanks, @Mholloway. It may be possible to check the HTTP headers on the response, but there too I'm unsure. In any event, I appreciate your testing.

See my reply in T183980

In T173537#3887741, @dr0ptp4kt wrote:

Thanks, @Mholloway. It may be possible to check the HTTP headers on the response, but there too I'm unsure. In any event, I appreciate your testing.

Confirmed that the zeroconfig API returns an empty object for requests in configured but disabled IP ranges. However, responses in these cases will include an x-carrier header with the carrier's MCC-MNC code.

Nice work, @Mholloway! For those on the task are you able to inspect HTTP headers with your browser?

This IP is not on black list, but whitelist to phabricator can work normally for me: 109.245.0.0/16 or 109.245.158.0/23

Change 404095 had a related patch set uploaded (by Mholloway; owner: Mholloway):
[mediawiki/extensions/ZeroPortal@master] Only return info for enabled carriers from API type=carriers

https://gerrit.wikimedia.org/r/404095

Change 404095 merged by jenkins-bot:
[mediawiki/extensions/ZeroPortal@master] Only return info for enabled carriers from API type=carriers

https://gerrit.wikimedia.org/r/404095

Nothing new. Same

Hi @Zoranzoki21, this change needs to be deployed to the wikis before it can have any effect. That's scheduled to happen the week after next.

In T173537#3923816, @Mholloway wrote:

Hi @Zoranzoki21, this change needs to be deployed to the wikis before it can have any effect. That's scheduled to happen the week after next.

For my birthday. 😃

Thank you, @Mholloway

The change is now live on ZeroWiki. I confirmed that Orange Cameroon is no longer being reported as a (potentially) active carrier.

@D3r1ck01 can you confirm whether you can now see images on Phabricator again?

@Zoranzoki21 Any change for you on non-Zero carriers?

In T173537#3954742, @Mholloway wrote:

The change is now live on ZeroWiki. I confirmed that Orange Cameroon is no longer being reported as a (potentially) active carrier.

@D3r1ck01 can you confirm whether you can now see images on Phabricator again?

@Zoranzoki21 Any change for you on non-Zero carriers?

Nothing new. No work. Same is

Suggestion: Whitelist my IP range 109.245.0.0/16

In T173537#3977284, @Zoranzoki21 wrote:

Suggestion: Whitelist my IP range 109.245.0.0/16

That's a Telenor Serbia IP range. It's expected behavior for the block still to be in effect there. I'd be more interested in your results now from an Orion Telekom IP, if that's still possible.

In T173537#3977291, @Mholloway wrote:

In T173537#3977284, @Zoranzoki21 wrote:

Suggestion: Whitelist my IP range 109.245.0.0/16

That's a Telenor Serbia IP range. It's expected behavior for the block still to be in effect there. I'd be more interested in your results now from an Orion Telekom IP, if that's still possible.

Orion working. But I only now using telenor. I need to telenor work for me because I can not see nothing of screenshots in tasks, logo of phabricator and other multimedia files on phabricator.

LOL: I now see only pictuers which are default on profiles of users.

In T173537#3977302, @Zoranzoki21 wrote:

I need to telenor work for me because I can not see nothing of screenshots in tasks, logo of phabricator and other multimedia files on phabricator.

If Telenor is in an active Zero IP range then there is nothing to do as we do not plan to manage any 'whitelist' of specific IPs. You can either access Phabricator without seeing multimedia files or use a provider that is not in an active Zero IP range. Thanks for your understanding.

Nothing. I have to suffer with the situation as it is