Page MenuHomePhabricator

phabricator server 500 error
Closed, DeclinedPublic


phabricator 500 Internal Server Error from some France IP.

# ping
PING ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=56 time=21.7 ms
64 bytes from ( icmp_seq=2 ttl=56 time=21.6 ms
64 bytes from ( icmp_seq=3 ttl=56 time=21.7 ms
64 bytes from ( icmp_seq=4 ttl=56 time=21.5 ms
#  curl -s -D - -o /dev/null
HTTP/1.1 500 Internal Server Error
Date: Thu, 01 Aug 2019 12:11:49 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 536
Connection: keep-alive
Server: Apache
X-Powered-By: PHP/7.2.16-1+0~20190307202415.17+stretch~1.gbpa7be82+wmf1
X-Frame-Options: Deny
Content-Security-Policy: default-src; img-src data:; style-src 'unsafe-inline'; script-src; connect-src 'self'; frame-src 'self'; frame-ancestors 'none'; object-src 'none'; form-action 'self'; base-uri 'none'
Referrer-Policy: no-referrer
Cache-Control: no-store
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-Content-Type-Options: nosniff
Set-Cookie: phsid=A%2Fkydgmlb5jr44vjo4ncaty6qg5hfbe7pq5jydlnvj; expires=Tue, 30-Jul-2024 12:11:49 GMT; Max-Age=157680000; path=/;; secure; HttpOnly
Vary: Accept-Encoding
X-Varnish: 1014616393, 762209506, 274913402
Age: 0
X-Cache: cp1079 pass, cp3043 miss, cp3040 pass
X-Cache-Status: miss
Server-Timing: cache;desc="miss"
Strict-Transport-Security: max-age=106384710; includeSubDomains; preload
Set-Cookie: WMF-Last-Access=01-Aug-2019;Path=/;HttpOnly;secure;Expires=Mon, 02 Sep 2019 12:00:00 GMT
X-Analytics: https=1;nocookies=1

Event Timeline

Hi, i get "HTTP/2 200 " when running "curl -s -D - -o /dev/null".


Hi, i get "HTTP/2 200 " when running "curl -s -D - -o /dev/null".

Just some France IP visit phabricator.

Aklapper changed the task status from Open to Stalled.Aug 1 2019, 2:20 PM

Could you share an IP range if you are comfortable with that being public? If not, could you share via a private email?

@Shizhao: Thank you for sharing your IP via private email!

The current behavior is intentional:

Due to an ongoing security incident[0], certain IP ranges continue to be restricted from accessing various Wikimedia development tools. We realize the incredible inconvenience this places upon legitimate Wikimedia developers affected by these restrictions, but we cannot provide a date by which these restrictions will be removed at this time.
For confirmed, trusted developers (a determination to be made by the Wikimedia Security Team and Trust and Safety), we can potentially offer access to certain Wikimedia developer tools via static IP addresses. Please contact for further information and to initiate this process.


Could we possibly improve this though by not sending a "500 Internal Server Error" but more appropriate 401 Unauthorized or 403 Forbidden?

thx @Aklapper, and agree with @Dzahn opinion, 403 Forbidden may be more appropriate.

Feel free to file a new task about that. :)

Mentioned in SAL (#wikimedia-operations) [2019-08-01T19:20:38Z] <brennen> rolling back to wfm.15 on group1 and group2 while we investigate T229575