https://www.mediawiki.org/wiki/Manual:$wgSquidServersNoPurge and CheckUser XFF should copy with users jumping from IPv6 to IPv4 and back and coping effectively with X-Forwarded-For addresses.
Version: unspecified
Severity: normal
Description
Description
Details
Details
- Reference
- bz35544
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | None | T37540 Enable full IPv6 support on Wikimedia wikis | |||
| Resolved | Seb35 | T37544 Cross-protocol support for X-Forwarded-For for both IPv4 and IPv6 |
Event Timeline
Comment Actions
This is about application level proxies (e.g. Squids) that proxy IPv6 users to IPv4 or IPv4 users via IPv6.
Comment Actions
I just tried proxying with nginx an HTTPS on IPv4 (127.0.0.1:443) to a HTTP IPv6 ([::1]:8080) with MediaWiki only responding on [::1]:8080 and configured with $wgSquidServersNoPurge = [ '::1' ]; and the IP recognised by MediaWiki is correctly 127.0.0.1 thanks to the header X-Forwarded-For read in WebRequest::getIP() and the protocol is correctly recognised as HTTPS thanks to the header X-Forwarded-Proto read in WebRequest::detectProtocol().
In particular I find there is no issue regarding IPv4 <-> IPv6 HTTP proxying, and this issue is solved imho. If there is anything else, the issue should be more specifically described.