Description
Description
Related Objects
Related Objects
Event Timeline
Comment Actions
The timing makes this seem related to <grrrit-wm> (CR) BBlack: [C: 2] tlsproxy: settable upstream IP, defaulting to 127.0.0.1 [puppet] - https://gerrit.wikimedia.org/r/256366 (owner: BBlack)
Comment Actions
Yes, it's related and revert is in progress, we don't need further confirmation reports
Comment Actions
Has a task been filed about the bug in MediaWiki?
<bblack> there's a bug in mediawiki somewhere <bblack> this probably all goes back to TrustedXFF and related code <bblack> it probably "trusts" our local networks and rewinds through them in the XFF list to reach the "real" client IP, but doesn't consider 127.0.0.1 to be part of our local network for those purposes, so it stops there and calls that the client IP <bblack> (my change was to switch one of our internal forwarding proxies from using a local server's own IP to using 127.0.0.1 to reach the same, which replaced a WMF IP with 127.0.0.1 in the midst of the XFF list)