Page MenuHomePhabricator
Create Task
Maniphest T229575

phabricator server 500 error
Closed, DeclinedPublic
Actions

Description

phabricator 500 Internal Server Error from some France IP.

# ping phabricator.wikimedia.org
PING phabricator.wikimedia.org (91.198.174.192) 56(84) bytes of data.
64 bytes from text-lb.esams.wikimedia.org (91.198.174.192): icmp_seq=1 ttl=56 time=21.7 ms
64 bytes from text-lb.esams.wikimedia.org (91.198.174.192): icmp_seq=2 ttl=56 time=21.6 ms
64 bytes from text-lb.esams.wikimedia.org (91.198.174.192): icmp_seq=3 ttl=56 time=21.7 ms
64 bytes from text-lb.esams.wikimedia.org (91.198.174.192): icmp_seq=4 ttl=56 time=21.5 ms
#  curl -s -D - -o /dev/null https://phabricator.wikimedia.org
HTTP/1.1 500 Internal Server Error
Date: Thu, 01 Aug 2019 12:11:49 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 536
Connection: keep-alive
Server: Apache
X-Powered-By: PHP/7.2.16-1+0~20190307202415.17+stretch~1.gbpa7be82+wmf1
X-Frame-Options: Deny
Content-Security-Policy: default-src https://phab.wmfusercontent.org; img-src https://phab.wmfusercontent.org data:; style-src https://phab.wmfusercontent.org 'unsafe-inline'; script-src https://phab.wmfusercontent.org; connect-src 'self'; frame-src 'self' https://commons.wikimedia.org; frame-ancestors 'none'; object-src 'none'; form-action 'self'; base-uri 'none'
Referrer-Policy: no-referrer
Cache-Control: no-store
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-Content-Type-Options: nosniff
Set-Cookie: phsid=A%2Fkydgmlb5jr44vjo4ncaty6qg5hfbe7pq5jydlnvj; expires=Tue, 30-Jul-2024 12:11:49 GMT; Max-Age=157680000; path=/; domain=phabricator.wikimedia.org; secure; HttpOnly
Vary: Accept-Encoding
X-Varnish: 1014616393, 762209506, 274913402
Age: 0
X-Cache: cp1079 pass, cp3043 miss, cp3040 pass
X-Cache-Status: miss
Server-Timing: cache;desc="miss"
Strict-Transport-Security: max-age=106384710; includeSubDomains; preload
Set-Cookie: WMF-Last-Access=01-Aug-2019;Path=/;HttpOnly;secure;Expires=Mon, 02 Sep 2019 12:00:00 GMT
X-Analytics: https=1;nocookies=1

Related Objects

Event Timeline

Shizhao created this task.Aug 1 2019, 12:31 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 1 2019, 12:31 PM
Paladox added a subscriber: Paladox.Aug 1 2019, 12:33 PM

Hi, i get "HTTP/2 200 " when running "curl -s -D - -o /dev/null https://phabricator.wikimedia.org".

Shizhao added a comment.Aug 1 2019, 1:32 PM
在T229575#5384207中,@Paladox写道:

Hi, i get "HTTP/2 200 " when running "curl -s -D - -o /dev/null https://phabricator.wikimedia.org".

Just some France IP visit phabricator.

Shizhao updated the task description. (Show Details)Aug 1 2019, 1:33 PM
Aklapper changed the task status from Open to Stalled.Aug 1 2019, 2:20 PM

Could you share an IP range if you are comfortable with that being public? If not, could you share via a private email?

Shizhao added a comment.Aug 1 2019, 5:06 PM

@Aklapper sent an email to you

Aklapper closed this task as Declined.Aug 1 2019, 5:14 PM

@Shizhao: Thank you for sharing your IP via private email!

The current behavior is intentional:

Due to an ongoing security incident[0], certain IP ranges continue to be restricted from accessing various Wikimedia development tools. We realize the incredible inconvenience this places upon legitimate Wikimedia developers affected by these restrictions, but we cannot provide a date by which these restrictions will be removed at this time.
For confirmed, trusted developers (a determination to be made by the Wikimedia Security Team and Trust and Safety), we can potentially offer access to certain Wikimedia developer tools via static IP addresses. Please contact security@wikimedia.org for further information and to initiate this process.

[0] https://lists.wikimedia.org/pipermail/wikitech-l/2019-March/091834.html

Dzahn added a subscriber: Dzahn.Aug 1 2019, 5:17 PM

Could we possibly improve this though by not sending a "500 Internal Server Error" but more appropriate 401 Unauthorized or 403 Forbidden?

Dzahn added a subscriber: 20after4.Aug 1 2019, 5:22 PM
Shizhao added a comment.Aug 1 2019, 5:31 PM

thx @Aklapper, and agree with @Dzahn opinion, 403 Forbidden may be more appropriate.

Aklapper added a comment.Aug 1 2019, 7:16 PM

Feel free to file a new task about that. :)

Stashbot added a comment.Aug 1 2019, 7:20 PM

Mentioned in SAL (#wikimedia-operations) [2019-08-01T19:20:38Z] <brennen> rolling back to wfm.15 on group1 and group2 while we investigate T229575

Dzahn mentioned this in T229620: if phabricator users are blocked due to IP range blocks send a 4xx rather than 500.Aug 1 2019, 8:36 PM
In T229575#5385580, @Aklapper wrote:

Feel free to file a new task about that. :)

ok. T229620

Aklapper mentioned this in T258059: Phabricator: "500 Internal Server Error" when using VPN (due to specific IP range).Jul 15 2020, 7:15 PM
Aklapper mentioned this in T234598: Access Forbidden to Phabricator at WikiArabia 2019 (Morocco) via Indian IP 185.174.156.75.Aug 5 2020, 2:09 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL