Some Action API modules proxy data from another API (e.g. ORES, Pageviews). Such modules should forward the request IP and user agent when making requests to the upstream API so client throttling / banning can be properly done upstream. For IP, this probably means setting X-Forwarded-For (and it would be the upstream's responsibility to have a whitelist of what sources to trust XFF from); for the user agent, maybe add an X-UA-Original header?
Description
Description
Details
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | Ladsgroup | T148997 Implement parallel connection limit for querying ORES | |||
Resolved | Ladsgroup | T137962 [Spec] Tracking and blocking specific IP/user-agent combinations | |||
Resolved | Tgr | T161029 Forward request data in proxied Action API modules |
Event Timeline
Comment Actions
Change 344809 merged by jenkins-bot:
[mediawiki/core@master] MWHttpRequest: optionally add original request data
Comment Actions
Change 344816 merged by jenkins-bot:
[mediawiki/extensions/PageViewInfo@master] Forward request details to upstream API
Comment Actions
https://gerrit.wikimedia.org/r/#/c/344815/ (which was the real point of the exercise) still needs to be merged.
Comment Actions
Change 344815 merged by jenkins-bot:
[mediawiki/extensions/ORES@master] Forward request data to ORES API
Comment Actions
Mass-moving all items tagged for MediaWiki 1.30.0-wmf.3, as that was never released; instead, we're using -wmf.4.