Page MenuHomePhabricator

Can 'Post-expand include size' be separated from '$wgMaxArticleSize'?
Open, Needs TriagePublicBUG REPORT


It seems that the threshold of "Post-expand include size" comes from the setting of "$wgMaxArticleSize". It is too difficult for me to know the origin of its default value (2MB), and it is very important for DDoS defense, but considering T15260, quoted from Template limits

Note that the sizes of the wikitexts of all expanded templates and parser functions are added, even in the case of nesting (see bugzilla 13260,or phab:T15260), so extra levels increase the count. If page A transcludes B and B does nothing but transclude C, then the size of C will be counted twice towards the post-expand include size on page A...

The "Post-expand include size" is twice as many bytes as the source code should actually be after expansion, which seems to be a common phenomenon and is beyond the strength needed to defend against DDoS.

Take zhwiki (the wiki project I work on) as an example:

Defending against attacks by limiting input is important, but the side effects of T15260 also appear to be more than expected. So I strongly recommend decoupling the "Post-expand include size" threshold setting from "$wgMaxArticleSize" and assuming that due to the presence of T15260, the "Post-expand include size" will be twice as large as the original code (default value 4MB, which is twice the default value of "$wgMaxArticleSize"), or allow custom settings without affecting the effect of "$wgMaxArticleSize".

BTW, I also hope that someone can continue the investigation of T15260, why is it twice, and where is the problem? I've heard that the foundation's back-up funds are abundant, and I hope these funds can be spent in more appropriate places.