Page MenuHomePhabricator
Create Task
Maniphest T298264

Use $wgHTTPProxy in Wikimedia production
Open, Needs TriagePublic
Actions

Description

We have a bunch of one-off proxies configured: $wgTorBlockProxy, $wgRSSProxy, $wgMediaModerationHttpProxy, $wgMachineVisionHttpProxy from a quick skim.

Any external requests need to go through a proxy (url-downloader typically) to bypass the firewall.

With $wgLocalHTTPProxy, we now automatically determine whether the request should go over a reverse proxy if the domain matches the specific list of local MediaWiki hosts. We should do the same for $wgHTTPProxy.

In the end requests could take 3 options:

  • local (in $wgLocalVirtualHosts), goes over $wgLocalHTTPProxy
  • local-but-not-MediaWiki (in some new $wgLocalHTTPDomains variable), uses no proxy
    • Note that most of these requests technically use a envoyproxy, but that's explicitly configured as the destination URL, rather than MW treating it as a proxy
  • external, uses $wgHTTPProxy

Related Objects

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits