Page MenuHomePhabricator
Create Task
Maniphest T840

Show correct external IP addresses (XFF support) in activity log
Closed, DuplicatePublic
Actions

Description

It seems Phabricator is reporting any activity as that of cp1043/10.64.0.171, rather than the users external IP address

[23:07:58] <Reedy> https://phabricator.wikimedia.org/settings/panel/activity/
[23:08:03] <Reedy> IP 10.64.0.171
[23:08:10] <Reedy> Does it not have xff or similar?
[23:09:32] <chasemp> xff?
[23:10:00] <Reedy> X-Forwarded-For
[23:10:17] <Reedy> we have something in MW so edits don't appear as being the varnish boxen (was for squid previously)
[23:11:21] <chasemp> it's a good thought and I guess it doesn't have the context, maybe we can fix that
[23:11:29] <twentyafterfour> it's a simple fix
[23:11:50] <twentyafterfour> https://secure.phabricator.com/book/phabricator/article/configuring_preamble/
[23:12:08] <Reedy> Shall I open a task for it?
[23:12:20] <chasemp> please
[23:12:27] <twentyafterfour> $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR']; // this goes in support/preamble.php

example activity

Details

SubjectRepoBranchLines +/-
preamble script to read client address from HTTP_X_FORWARDED_FORoperations/puppetproduction+76 -64
Customize query in gerrit

Related Objects

Event Timeline

Reedy created this task.Oct 23 2014, 10:16 PM
Reedy raised the priority of this task from to Needs Triage.
Reedy updated the task description. (Show Details)
Reedy added a project: Bugzilla-Migration.
Reedy changed Security from none to None.
Reedy updated the task description. (Show Details)
Reedy subscribed.
chasemp renamed this task from Show correct external IP addresses (XFF support) to Show correct external IP addresses (XFF support) in activity log.Oct 23 2014, 10:24 PM
chasemp triaged this task as Medium priority.
chasemp updated the task description. (Show Details)
mmodell claimed this task.Oct 23 2014, 10:47 PM

I'm on this

mmodell added a project: Patch-For-Review.Oct 23 2014, 10:48 PM

https://gerrit.wikimedia.org/r/168509

Qgil moved this task from Backlog to Doing on the Bugzilla-Migration board.Oct 30 2014, 7:50 AM
Qgil edited projects, added Phabricator; removed Bugzilla-Migration.Nov 10 2014, 8:15 PM
Qgil added subscribers: mmodell, Qgil.Nov 27 2014, 8:15 AM
In T840#14192, @mmodell wrote:

https://gerrit.wikimedia.org/r/168509

This patch says

Abandoned
this functionality is incorporated into the redirection code in another changeset.

The redirection code was deployed, but this problem hasn't been solved yet.

Qgil moved this task from To Triage to Doing on the Phabricator board.Nov 27 2014, 8:15 AM
mmodell added a subscriber: chasemp.Jan 14 2015, 5:07 AM

@Qgil: It was abandoned because @chasemp wasn't comfortable with it for some reason. He wanted this handled separate from the redirection code (although that's where it belongs, IMO)

mmodell added a comment.Jan 14 2015, 5:20 AM

Re-submitted this change: https://gerrit.wikimedia.org/r/#/c/184837/

chasemp added a comment.Jan 14 2015, 6:03 AM

Ah, yes we waited on this but only for post migration so this should be fine.

chasemp changed the task status from Open to Stalled.Feb 11 2015, 6:25 PM

Does not work as of now: https://secure.phabricator.com/T7114

chasemp lowered the priority of this task from Medium to Lowest.Mar 23 2015, 4:30 PM
mmodell edited projects, added Phabricator (Upstream); removed Phabricator, Patch-For-Review.Mar 28 2015, 4:38 AM
Qgil moved this task from Backlog to Ready To Go on the Phabricator (Upstream) board.Apr 6 2015, 3:45 PM
Krenair moved this task from Ready To Go to Upstreamed on the Phabricator (Upstream) board.Apr 11 2015, 9:12 PM
Arseny1992 subscribed.May 28 2015, 7:35 AM
mmodell merged a task: T105044: https://phabricator.wikimedia.org/settings/panel/activity/ has wrong IP data (only internal IPs).Jul 9 2015, 6:38 AM
mmodell added subscribers: Nemo_bis, Aklapper, scfc, Nikerabbit.
mmodell added a comment.Jul 9 2015, 6:44 AM

This was blocked by the upstream bug that Chase linked above. It's now unblocked, apparently, as that bug has been fixed. I can implement the preamble script to make this report proper IPs but @Nemo_bis raised a concern about storing IPs in T105044. I'm not sure how to proceed.

mmodell changed the task status from Stalled to Open.Jul 9 2015, 6:45 AM
Aklapper added a comment.Jul 9 2015, 12:49 PM
In T840#1440132, @mmodell wrote:

@Nemo_bis raised a concern about storing IPs in T105044.

I'd love to see a bit more elaboration on "Not storing private information in Phabricator is probably good" to understand better what's the potential problem to discuss.

Nemo_bis added a comment.Jul 10 2015, 9:21 PM

Mine was not a concern about something, just a non-concern for the lack of it.

Nemo_bis unsubscribed.Jul 10 2015, 9:21 PM
Aklapper mentioned this in T104920: Add edges to Phabricator task data dump transaction history.Aug 3 2015, 9:39 AM
Aklapper merged a task: T110796: Phabricator activity logs shows private IPs.Aug 29 2015, 11:06 AM
Aklapper added a subscriber: revi.
Addshore awarded a token.Aug 29 2015, 11:07 AM
Negative24 subscribed.Aug 29 2015, 2:18 PM
chasemp closed this task as a duplicate of T114014: Enable mod_remoteip on Phabricator and ensure logs follow retention guidelines.Oct 7 2015, 9:44 PM
greg added a project: Essential-Work.Jan 13 2016, 9:39 PM
Danny_B added a project: Upstream.May 23 2016, 6:06 PM
Restricted Application added a subscriber: TerraCodes. · View Herald TranscriptMay 23 2016, 6:06 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL