Request to enable XFF headers for wikisource VPS project
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	MusikAnimal
	Apr 1 2021, 9:57 PM

Description

Project Name:
wikisource

Request:
Enable XFF headers for the wikisource VPS project, or if it is done on a per-instance level, specifically wsexport-prod01.wikisource.eqiad.wmflabs

Rationale:
Similar to the situation with XTools (see T135046#6056334), WS Export is subject to significant disruptive automation by web crawlers and click-happy bots, which can compromise the health and uptime of our service. Community-Tech maintains the tool and have blocked most everything we can by user agent, but some users (which I can only suspect are bots, but nonetheless are disruptive) continue to hammer away, very often with human-like user agents that we can't block without risk of collateral damage.

Having the ability to block IPs in XTools has been absolute blessing. Stability has been better than ever as a result. We are requesting to have the same luxury with WS Export so that we can ensure our users have a dependable service. Thank you for the consideration!

Related Objects

Mentioned In: T278439: Wikisource Export: determine how changes in activity may coordinate with our releases
Mentioned Here: T135046: Allowlist Cloud VPS instances that need XFF header passed through the web proxy

Event Timeline

MusikAnimal created this task.Apr 1 2021, 9:57 PM

Restricted Application added a project: Community-Tech. · View Herald TranscriptApr 1 2021, 9:57 PM

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

I'll note all wikisource project members are staff, apart from one volunteer who may or may have not signed any NDAs. They are a highly trusted user and I'm sure we can arrange they sign any applicable documents if necessary.

ifried moved this task from New & TBD Tickets to Needs Discussion on the Community-Tech board.Apr 1 2021, 10:24 PM

• taavi edited projects, added cloud-services-team (Kanban); removed Cloud-Services.Apr 2 2021, 7:06 AM

MusikAnimal mentioned this in T278439: Wikisource Export: determine how changes in activity may coordinate with our releases.Apr 6 2021, 12:36 AM

As long as this is limited to that particular project this seems fine.

Andrew triaged this task as Medium priority.Apr 13 2021, 4:13 PM

Andrew moved this task from Inbox to Soon! on the cloud-services-team (Kanban) board.

bd808 moved this task from Soon! to Clinic Duty on the cloud-services-team (Kanban) board.Apr 13 2021, 11:39 PM

Mentioned in SAL (#wikimedia-cloud) [2021-04-14T09:09:23Z] <arturo> enable XFF for wsexport.{wmflabs,wmcloud}.org https://gerrit.wikimedia.org/r/plugins/gitiles/cloud/instance-puppet/+/10fd2f002c3c2b20d5ca9b359b540e33789defc0%5E%21/#F0 (T279111)

Done! I also enabled XFF for wsexport.wmcloud.org in case you migrate to the new domain name.

In T279111#6997399, @aborrero wrote:

Done! I also enabled XFF for wsexport.wmcloud.org in case you migrate to the new domain name.

Thanks! We're actually at https://ws-export.wmcloud.org these days (note the hyphen-minus -), so I don't think your commit had any effect. I should have provided the URL, my apologies.

Mentioned in SAL (#wikimedia-cloud) [2021-04-15T09:15:05Z] <arturo> refresh hiera XFF entry for ws-export.wmcloud.org T279111

Thanks, try now!

Works great now, thank you!

@aborrero Is there any chance you could add https://ws-export-test.wmcloud.org/ too? We have some new throttling logic we'd like to test outside our production instance. Thanks!

Mentioned in SAL (#wikimedia-cloud) [2022-02-02T17:05:03Z] <arturo> add ws-export-test.wmcloud.org to XFF allowlist (af9e47341ad063f3f0c34b516f8963f7fe82cff9) (T279111)

done!

Request to enable XFF headers for wikisource VPS projectClosed, ResolvedPublicActions

Description

Related Objects

Event Timeline

Request to enable XFF headers for wikisource VPS project
Closed, ResolvedPublic
Actions