Page MenuHomePhabricator

ACL configuration for url-downloader.wikimedia.org allowing upload.wikimedia.org
Closed, ResolvedPublic

Description

In T44473, there is a feature request to allow direct transfer from another Wikimedia site to Wikimedia Commons.

It would need the acls in the squid config for url-downloader.wikimedia.org to be changed. Someone (@csteipp ?) Would probably need to asses the security risk of such a change.

Event Timeline

Restricted Application added subscribers: Malyacko, JEumerus, Steinsplitter and 2 others. · View Herald TranscriptMar 23 2016, 2:53 AM
Dereckson renamed this task from Squid configuration for url-downloader.wikimedia.org allowing upload.wikimedia.org to XFF configuration for url-downloader.wikimedia.org allowing upload.wikimedia.org.Mar 23 2016, 2:57 AM
Bawolff renamed this task from XFF configuration for url-downloader.wikimedia.org allowing upload.wikimedia.org to ACL configuration for url-downloader.wikimedia.org allowing upload.wikimedia.org.Mar 29 2016, 9:20 PM

For reference, relavent file is templates/url_downloader/squid.conf.erb in operations/puppet

fgiunchedi triaged this task as Normal priority.Apr 27 2016, 3:55 PM

[Since I was asked to comment] I personally can't think of any objections to this, however I think this is more a call for ops.

However, faidon in the other bug seems to have objected to copying files via http for internal requests, so if his objection still stands, this is a moot point.

demon added a subscriber: demon.Aug 27 2016, 1:03 AM

I'm not sure it would need a url-downloader configuration change anyway? I thought anything within our own range can be requested directly? eg: gerrit.wikimedia.org doesn't need proxying

TTO closed this task as Resolved.Aug 27 2016, 1:10 AM
TTO claimed this task.

Works for me: https://test.wikipedia.org/wiki/File:Shellfish_COPY_UPLOAD_TEST.jpg

Incidentally, why is the image appearing in the body of the file description page? Some weird config option must be turned on for testwiki...

For the record, though, this can't really be used for a general-purpose commons transfer tool, because it requires the user to have upload-by-url rights on commons, which is restricted to sysops and GLAM people.

Cwek added a subscriber: Cwek.Sep 2 2016, 1:24 AM

Works for me: https://test.wikipedia.org/wiki/File:Shellfish_COPY_UPLOAD_TEST.jpg
Incidentally, why is the image appearing in the body of the file description page? Some weird config option must be turned on for testwiki...
For the record, though, this can't really be used for a general-purpose commons transfer tool, because it requires the user to have upload-by-url rights on commons, which is restricted to sysops and GLAM people.

Does it need report a issue that the image appearing in the body of the file description page?

sbassett moved this task from Backlog to Done on the Security-Team board.Jun 11 2019, 6:59 PM