Monolog added "ip" is REMOTE_ADDR and does not honor XFF headers
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	• bd808
	Oct 5 2015, 7:42 PM

Description

The WMF production logging configuration uses Monolog's Monolog\Processor\WebProcessor class to decorate each log event with several context fields:

url: $_SERVER['REQUEST_URI']
ip: $_SERVER['REMOTE_ADDR']
http_method: $_SERVER['REQUEST_METHOD']
server: $_SERVER['SERVER_NAME']
referrer: $_SERVER['HTTP_REFERER']

The use of $_SERVER['REMOTE_ADDR'] to capture the requesting IP address is not of much use in the WMF production cluster where all requests are made indirectly from behind a Varnish server. If we continue to log this we should instead use a custom processor that processes XFF headers sensibly using WebRequest::getIP() or something similar.

Details

	Project	Branch	Lines +/-	Subject
	operations/mediawiki-config	master	+4 -3	logging: Remove host 'ip' field
	operations/mediawiki-config	master	+16 -0	Monolog: Add processor for XFF resolved IP

Customize query in gerrit

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Open		None	T157850 Interacting with Wikimedia logs should be a pleasant experience
		Resolved		Krinkle	T114700 Monolog added "ip" is REMOTE_ADDR and does not honor XFF headers

Event Timeline

• bd808 created this task.Oct 5 2015, 7:42 PM

• bd808 raised the priority of this task from to Needs Triage.

• bd808 updated the task description. (Show Details)

• bd808 added a project: MediaWiki-Debug-Logger.

• bd808 added a subscriber: • bd808.

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 5 2015, 7:42 PM

Change 273376 had a related patch set uploaded (by BryanDavis):
Monolog: Add processor for XFF resolved IP

https://gerrit.wikimedia.org/r/273376

Restricted Application added a subscriber: StudiesWorld. · View Herald TranscriptFeb 25 2016, 10:05 PM

gerritbot added a project: Patch-For-Review.Feb 25 2016, 10:05 PM

• bd808 claimed this task.Feb 25 2016, 10:05 PM

Restricted Application added a project: User-bd808. · View Herald TranscriptFeb 25 2016, 10:05 PM

• bd808 triaged this task as Low priority.Feb 26 2016, 4:06 AM

Change 273376 merged by jenkins-bot:
Monolog: Add processor for XFF resolved IP

https://gerrit.wikimedia.org/r/273376

My attempt was reverted by https://gerrit.wikimedia.org/r/#/c/324333/ due to segfaults.

Tgr added a parent task: T157850: Interacting with Wikimedia logs should be a pleasant experience.Feb 11 2017, 1:39 AM

There have been various conversations about this on IRC and Gerrit but just writing back here for the record:

Resolving the trusted XFF IP ranges on every request (eg via WebRequest::getIP like MediaWiki already does in cases for saving edits, determining blocks and throttling), is too expensive.

As a compromise I’m suggesting we start simply log the XFF header as-is to Monolog, in addition to the current ‘ip’ field. This means that the end-user IP and potentially one or more proxies are all in the log message. For the rarer cases where there is three or more and someone needs to know which IP mediawiki would’ve considered for the user, we can always resolve it manually on a case by case basis.

Change 730905 had a related patch set uploaded (by Krinkle; author: Krinkle):

[operations/mediawiki-config@master] logging: Remove host 'ip' field

https://gerrit.wikimedia.org/r/730905

gerritbot added a project: Patch-For-Review.Oct 14 2021, 8:40 PM

Krinkle claimed this task.Oct 14 2021, 8:40 PM

Krinkle added a project: Performance-Team.

Krinkle moved this task from Inbox, needs triage to Backlog: Maintenance, non-prioritized on the Performance-Team board.

Change 730905 merged by jenkins-bot:

[operations/mediawiki-config@master] logging: Remove host 'ip' field

https://gerrit.wikimedia.org/r/730905

Krinkle closed this task as Resolved.Oct 26 2021, 1:24 AM

Krinkle removed a project: Patch-For-Review.