
Cross-protocol support for X-Forwarded-For for both IPv4 and IPv6
Closed, Resolved, Public

Description

https://www.mediawiki.org/wiki/Manual:$wgSquidServersNoPurge and CheckUser XFF should cope with users jumping from IPv6 to IPv4 and back, and cope effectively with X-Forwarded-For addresses.


Version: unspecified
Severity: normal

Details

Reference
bz35544

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 22 2014, 12:09 AM
bzimport set Reference to bz35544.
bzimport added a subscriber: Unknown Object (MLST).

I'm not sure what this is about.

This is about application level proxies (e.g. Squids) that proxy IPv6 users to IPv4 or IPv4 users via IPv6.

Seb35 claimed this task.
Seb35 subscribed.

I just tried proxying with nginx an HTTPS on IPv4 (127.0.0.1:443) to an HTTP IPv6 ([::1]:8080) with MediaWiki only responding on [::1]:8080 and configured with $wgSquidServersNoPurge = [ '::1' ]; and the IP recognised by MediaWiki is correctly 127.0.0.1 thanks to the header X-Forwarded-For read in WebRequest::getIP() and the protocol is correctly recognised as HTTPS thanks to the header X-Forwarded-Proto read in WebRequest::detectProtocol().

In particular I find there is no issue regarding IPv4 <-> IPv6 HTTP proxying, and this issue is solved imho. If there is anything else, the issue should be more specifically described.
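
Added example, not part of the original thread and not MediaWiki's WebRequest::getIP() code: a sketch of the general right-to-left trusted-proxy walk over X-Forwarded-For when the proxy and the client are in different address families, as in the test above. The function names, the treatment of IPv4-mapped IPv6 addresses, and the sample addresses (constructed, from documentation ranges) are assumptions of this example.

```python
import ipaddress


def canon(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4."""
    ip = ipaddress.ip_address(addr.strip().strip("[]"))
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def is_trusted(ip, trusted_nets):
    # An IPv4 address tested against an IPv6 network (or the reverse) is
    # simply False, so one list can hold proxies from both families.
    return any(ip in net for net in trusted_nets)


def client_ip(remote_addr, xff_header, trusted):
    """Return the address to attribute the request to.

    remote_addr: peer address of the TCP connection (the last proxy).
    xff_header:  raw X-Forwarded-For value, or None.
    trusted:     proxy addresses or CIDR ranges, IPv4 and IPv6 mixed.
    """
    nets = [ipaddress.ip_network(t, strict=False) for t in trusted]
    current = canon(remote_addr)
    hops = [h for h in (xff_header or "").split(",") if h.strip()]
    # Walk from the hop nearest to us outwards. An entry is believed only
    # if the address that supplied it is a trusted proxy.
    for hop in reversed(hops):
        if not is_trusted(current, nets):
            break  # entries further left are client-controlled: ignore them
        try:
            current = canon(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
    return str(current)


if __name__ == "__main__":
    # The setup from the comment above: proxy reaches the backend over ::1,
    # the real client connected over IPv4.
    print(client_ip("::1", "127.0.0.1", ["::1"]))
    # A client-supplied left-most entry is not believed.
    print(client_ip("::1", "10.9.9.9, 2001:db8::7", ["::1"]))
```

An address that is not in the trusted list never has its X-Forwarded-For honoured, so the header cannot be used to impersonate another client when the backend is reached directly.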