
Add more Zscaler ranges to the trusted list for XFF
Closed, Invalid · Public · Security

Description

Customers unable to edit Wikipedia because of soft-blocked Zscaler nodes.

Zscaler confirmed they add XFF to the requests. This means we can add them to the list of trusted hosts for XFF: IPs available at https://config.zscaler.com/zscaler.net/cenr.

Details

Author Affiliation
Other (Please specify in description)

Event Timeline

Hi Support team,

I am writing this email to let you know that our customers reported that they are unable to edit Wikipedia pages on your website, Wikipedia.org, through our proxy servers.

During our troubleshooting, we found that one of your CDNs seems to be terminating the connections generated by our proxy servers from multiple nodes.

Would it be possible to open a dialogue to have this ban or throttle policy lifted? If there is something we need to address I would be more than happy to assist you on that.

Note: As a company (https://www.zscaler.com) we provide cloud-based security solutions to our customers. It is possible that you are seeing a large volume of traffic from our IP address. This is not uncommon as we may have up to 50k+ users behind a single node.

This link has all the IP addresses used by the Zscaler proxy
https://config.zscaler.com/zscloud.net/cenr

Blocked Host range
165.225.232.0/23
165.225.114.0/23

Reedy subscribed.

T298241: Add Zscaler to list of trusted hosts for XFF already added numerous different ranges for Zscaler...

Hello Team,

Can you confirm whether the below ranges have also been added?

Blocked Host range
165.225.232.0/23
165.225.114.0/23

Reedy renamed this task from Add Zscaler to list of trusted hosts for XFF to Add more Zscaler ranges to the trusted list for XFF. Mar 4 2022, 8:42 PM
Reedy updated the task description.
Reedy changed the visibility from "Custom Policy" to "Public (No Login Required)".
Reedy changed the edit policy from "Custom Policy" to "All Users".
Reedy changed the task status from Open to Stalled. Mar 4 2022, 9:26 PM

Blocked Host range
165.225.232.0/23
165.225.114.0/23

They've been added since rETXFa43eb222caf6: Add more Zscaler ranges, which is nearly 2 months ago.

It's unclear what is needed/wanted to be done here. Maybe something for Traffic (I know, I untagged them).

https://wikitech-static.wikimedia.org/wiki/Reporting_a_connectivity_issue

Hello Reedy,

Do you mean that the mentioned range has already been added?

We are still able to see the block. Can you check and let me know.
[image: image.png]

Regards,
Sirisha


Do you mean that the mentioned range has already been added?

Yes, around the 5th January.

We are still able to see the block. Can you check and let me know.


Adding the XFF headers does not automatically get you unblocked or anything like that. It's just a technical control so the XFF headers are passed through.

The message you screenshotted basically tells you what you need to do.

https://meta.wikimedia.org/wiki/Steward_requests/Global

You should be able to edit that page to make a request.

You can link to this ticket https://phabricator.wikimedia.org/T302780 and also https://phabricator.wikimedia.org/T298241.

Or, if you were the original requestor via email to have your IPs added to the XFF list, you can reply back to your ticket #2021122310004481 and request the relevant global blocks be lifted.

Or just email stewards@wikimedia.org freshly, again referencing the previous ticket and also these two Phabricator tickets.
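The trust-list mechanism discussed in this task, as an added illustration that is not part of the thread and not MediaWiki's code: a generic right-to-left X-Forwarded-For resolution that honours the header only when the connecting peer is in a trusted range. The function names are hypothetical, the two ranges quoted in the task stand in for the trusted list, and the 203.0.113.x, 198.51.100.x and 10.x addresses are constructed samples. The code only decides which address a request is attributed to; nothing in it touches block records.

```python
import ipaddress

# The two ranges quoted in the task, used here as the trusted-proxy list (assumption).
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("165.225.232.0/23", "165.225.114.0/23")]


def is_trusted(ip, trusted=TRUSTED_PROXIES):
    """True if the address falls inside any trusted proxy range."""
    return any(ip in net for net in trusted)


def resolve_client_ip(peer, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address a request should be attributed to.

    Start at the TCP peer and walk X-Forwarded-For from right to left,
    stepping back one hop only while the current address is a trusted proxy.
    Entries supplied by an untrusted hop are never believed, so a client
    cannot pick its own address by sending a forged header.
    """
    current = ipaddress.ip_address(peer)
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not is_trusted(current, trusted):
            break
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop here and keep the last good address
    return str(current)


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, X-Forwarded-For value)
    samples = [
        ("165.225.232.10", "203.0.113.7"),            # trusted proxy, real client
        ("198.51.100.9", "203.0.113.7"),              # untrusted peer, header ignored
        ("165.225.114.5", "10.9.9.9, 203.0.113.7"),   # forged leftmost entry ignored
        ("165.225.232.10", "not-an-ip"),              # malformed header
    ]
    for peer, xff in samples:
        print(f"peer={peer:15} xff={xff!r:28} -> {resolve_client_ip(peer, xff)}")
```
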