Remove $wgBlockOpenProxies (or move to an extension)
Closed, ResolvedPublic

Description

From includes/DefaultSettings.php:

/**

  • If you enable this, every editor's IP address will be scanned for open HTTP
  • proxies. *
  • @warning Don't enable this. Many sysops will report "hostile TCP port scans"
  • to your ISP and ask for your server to be shut down.
  • You have been warned. */

As a feature that, according to its documentation, most wikis should not enable, and furthermore one that currently requires a deprecated, undocumented setting ($wgProxyKey) to use securely, does it really make sense to keep it in core MediaWiki?


Version: 1.22.0
Severity: enhancement
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=8475

Details

Reference
bz54597
bzimport raised the priority of this task from to Normal.
bzimport set Reference to bz54597.
bzimport added a subscriber: Unknown Object (MLST).

I think this is a good idea, if anyone is up for doing the work.

Can we just remove it? I'm up for removing. :P

Change 87302 had a related patch set uploaded by PleaseStand:
Remove $wgBlockOpenProxies

https://gerrit.wikimedia.org/r/87302

Change 87302 merged by jenkins-bot:
Remove proxy check in EditPage.php

https://gerrit.wikimedia.org/r/87302

Removal plan works.

How does this relate to bug 8475?

(In reply to comment #6)

How does this relate to bug 8475?

It basically would revert that bug to "WONTFIX".

(In reply to comment #7)

(In reply to comment #6)
> How does this relate to bug 8475?

It basically would revert that bug to "WONTFIX".

Not necessarily. That bug was filed against the Wikimedia product, not against MediaWiki core, and it would still be possible to implement such a feature as an extension.

Change was not complete. It did not remove the proxyunbannable userright from sysop which granted immunity to $wgBlockOpenProxies.

  • Bug 73414 has been marked as a duplicate of this bug. ***

(In reply to Cenarium from comment #9)

Change was not complete. It did not remove the proxyunbannable userright
from sysop which granted immunity to $wgBlockOpenProxies.

The user right was not removed because it also applies to local proxy blocking ($wgProxyList) and DNSBL-based proxy blocking ($wgEnableDnsBlacklist). Please enter a separate report if you want those features removed or moved to extensions.