Page MenuHomePhabricator

Make sure we're not relying on HTTP_PROXY headers
Closed, ResolvedPublic

Description

See https://httpoxy.org for full context. Places we want to fix:

Event Timeline

demon created this task.Jul 18 2016, 4:59 PM
Restricted Application added subscribers: Zppix, Malyacko, Aklapper. · View Herald TranscriptJul 18 2016, 4:59 PM

Change 299568 had a related patch set uploaded (by Chad):
Remove inbound Proxy header on all caches

https://gerrit.wikimedia.org/r/299568

Change 299568 merged by BBlack:
Remove inbound Proxy header on all caches

https://gerrit.wikimedia.org/r/299568

Change 299571 had a related patch set uploaded (by Chad):
Set $wgHTTPProxy globally instead of relying on getenv()

https://gerrit.wikimedia.org/r/299571

Change 299577 had a related patch set uploaded (by BBlack):
Unset inbound Proxy header - various misc services

https://gerrit.wikimedia.org/r/299577

Change 299577 merged by BBlack:
Unset inbound Proxy header - various misc services

https://gerrit.wikimedia.org/r/299577

Change 299571 merged by jenkins-bot:
Set $wgHTTPProxy globally instead of relying on getenv()

https://gerrit.wikimedia.org/r/299571

Change 299603 had a related patch set uploaded (by BBlack):
RequestHeader unset doesn't like line-ending comments

https://gerrit.wikimedia.org/r/299603

Change 299603 merged by BBlack:
RequestHeader unset doesn't like line-ending comments

https://gerrit.wikimedia.org/r/299603

elukey triaged this task as High priority.Jul 19 2016, 12:43 PM

Change 299768 had a related patch set uploaded (by Chad):
Remove support for getenv('http_proxy') in MediaWiki

https://gerrit.wikimedia.org/r/299768

demon updated the task description. (Show Details)
BBlack updated the task description. (Show Details)Jul 19 2016, 4:07 PM

Change 299768 merged by jenkins-bot:
Remove support for getenv('http_proxy') in MediaWiki

https://gerrit.wikimedia.org/r/299768

Change 299789 had a related patch set uploaded (by Chad):
Remove support for getenv('http_proxy') in MediaWiki

https://gerrit.wikimedia.org/r/299789

Change 299789 abandoned by Chad:
Remove support for getenv('http_proxy') in MediaWiki

Reason:
Wrong branch idiot.

https://gerrit.wikimedia.org/r/299789

Change 299791 had a related patch set uploaded (by Chad):
Remove support for getenv('http_proxy') in MediaWiki

https://gerrit.wikimedia.org/r/299791

cscott added a subscriber: cscott.Jul 19 2016, 5:07 PM

This patch might have broken OCG; see T140789.

demon added a comment.Jul 19 2016, 6:13 PM

This patch might have broken OCG; see T140789.

Yep, the mw-config patch rOMWC7e675729d96c: Set $wgHTTPProxy globally instead of relying on getenv() broke OCG and ExtDist. Reverted for now.

The problem with the way MW handles this right now is that there's not an easy way to configure requests like this. It basically requires every extension to configure $wgLocalVirtualHosts for things that shouldn't be proxied or explicitly have a configuration value for a proxy that should be used--or explicitly not used.

Ugly. I'm open to suggestions.

Change 299817 had a related patch set uploaded (by Chad):
Remove support for getenv('http_proxy') in MediaWiki

https://gerrit.wikimedia.org/r/299817

Change 299818 had a related patch set uploaded (by Chad):
Remove support for getenv('http_proxy') in MediaWiki

https://gerrit.wikimedia.org/r/299818

Change 299818 merged by jenkins-bot:
Remove support for getenv('http_proxy') in MediaWiki

https://gerrit.wikimedia.org/r/299818

Change 299791 merged by jenkins-bot:
Remove support for getenv('http_proxy') in MediaWiki

https://gerrit.wikimedia.org/r/299791

Change 299817 merged by Chad:
Remove support for getenv('http_proxy') in MediaWiki

https://gerrit.wikimedia.org/r/299817

BBlack added a subscriber: BBlack.Oct 3 2016, 3:08 PM

Is there more to do here on the MW-Core side of things?

BBlack moved this task from Triage to General on the Traffic board.Oct 4 2016, 12:44 PM
BBlack moved this task from General to Watching on the Traffic board.
demon lowered the priority of this task from High to Low.Oct 24 2016, 2:42 PM

Is there more to do here on the MW-Core side of things?

Not really no. There's some cleanup we could do to simplify config/extension (see T140658#2476469 above), but it's not strictly necessary and like I said it's kinda ugly and kludgy.

demon added a comment.Apr 18 2017, 9:54 PM

There's probably some extensions that need fixing here too. The Elastica library looks possibly at issue.

demon reopened this task as Open.Apr 18 2017, 9:55 PM
demon closed this task as Resolved.Apr 18 2017, 10:05 PM

There's probably some extensions that need fixing here too. The Elastica library looks possibly at issue.

Take that back, seems it was fixed already. Git2Pages uses http_proxy, but as a CLI environment variable for git operations--it's a false positive. Reclosing.

demon updated the task description. (Show Details)Apr 18 2017, 10:05 PM