Page MenuHomePhabricator
Create Task
Maniphest T411250

rest gateway: Record x-trusted-request and x-provenance headers in access logs
Closed, ResolvedPublic
Actions

Description

It would be useful to record the headers described in https://wikitech.wikimedia.org/wiki/CDN/Backend_api in the access logs of the rest gateway (and the api gateway). They provide information that is extremely useful for investigating incidents and identifying high volume unauthenticated clients.

Question: are there any restrictions about recording this information in logs for some time (e.g. 90 days)? The same log would also include the client's IP address. It may also contain the user name or user ID of authenticated users in certain cases.

Related Objects
Search...

Event Timeline

daniel created this task.Nov 28 2025, 11:38 AM
CDanis subscribed.Dec 1 2025, 3:29 PM

Question: are there any restrictions about recording this information in logs for some time (e.g. 90 days)? The same log would also include the client's IP address. It may also contain the user name or user ID of authenticated users in certain cases.

For 90 days this seems totally fine -- the same data all exists in webrequest, and that's how long it is retained there.

CDanis removed a project: Infrastructure-Foundations.Dec 1 2025, 3:29 PM
daniel closed this task as Resolved.Dec 12 2025, 1:05 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits