Bot throttling: Wikipedia Education Foundation dashboard should set X-Forwarded-For header when editing via API
Open, HighPublic
Actions

Assigned To

None

Authored By

	Tgr
	Aug 25 2015, 10:00 PM

Description

See T110235 for motivation.

On a code level this should be a near-trivial change: whenever sending an OAuth request as a response to a user request (ie. an action performed on the dashboard), if the user request does not have such a header, set X-Forwarded-For: <user ip>, otherwise just append , <user ip> to it. (Once the tool starts to make scheduled actions or other kinds of OAuth requests which are not direct, immediate responses to user action, things get more hairy.)

Probably requires a legal review / modification of the WikiEdu privacy policy.

Related Objects

Mentioned In: T110235: Add dashboard.wikiedu.org IP to the ratelimit exemptions
Mentioned Here: T110235: Add dashboard.wikiedu.org IP to the ratelimit exemptions

Event Timeline

Tgr created this task.Aug 25 2015, 10:00 PM

Tgr raised the priority of this task from to Needs Triage.

Tgr updated the task description. (Show Details)

Tgr added a project: Education-Program-Dashboard.

Tgr added subscribers: Tgr, Ragesoss.

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 25 2015, 10:00 PM

Tgr mentioned this in T110235: Add dashboard.wikiedu.org IP to the ratelimit exemptions.Aug 25 2015, 10:00 PM

Krenair subscribed.Aug 25 2015, 10:08 PM

Our current privacy policy doesn't have any roadblocks for forwarding the IP to Wikipedia.

I'll get this onto our roadmap soon. Thanks @Tgr.

awight added a project: good first task.Oct 7 2015, 8:20 PM

awight set Security to None.

Bumping priority just for bookkeeping, no urgency to implement, though.

Restricted Application added a subscriber: Base. · View Herald TranscriptNov 30 2015, 9:05 AM

awight moved this task from Backlog to Make system usable for non-Wiki Ed programs on the Education-Program-Dashboard board.Nov 30 2015, 9:06 AM

awight renamed this task from Wikipedia Education Foundation dashboard should set X-Forwarded-For header to Wikipedia Education Foundation dashboard should set X-Forwarded-For header when editing via API.Dec 5 2015, 9:01 AM

Nemo_bis added a project: Google-Code-In-2015.Jan 7 2016, 9:02 PM

Could someone imagine mentoring this task in Google Code-in 2015?

@Aklapper I'm not sure how to do this task specifically, but I'm happy to mentor in terms of guiding someone around how this fits into the overall codebase, getting a patch tested, and so on.

I can help with the specifics, although there is not much more to it than what's in the task description. Plus a Wikimedia config patch to get WikiEdu on the trusted XFF list.

awight renamed this task from Wikipedia Education Foundation dashboard should set X-Forwarded-For header when editing via API to Bot throttling: Wikipedia Education Foundation dashboard should set X-Forwarded-For header when editing via API.Jan 14 2016, 9:25 AM

awight moved this task from Make system usable for non-Wiki Ed programs to Microtasks on the Education-Program-Dashboard board.Jan 14 2016, 9:43 AM

awight added a project: Program Dashboard Sprint 1.Feb 18 2016, 7:28 PM

awight edited projects, added Programs-and-Events-Dashboard-Sprint 2; removed Program Dashboard Sprint 1.Feb 18 2016, 7:40 PM