Require SSL for AOL users on enwiki
Closed, ResolvedPublic


Author: ayg

Wiktionary now requires all AOL users to use SSL when editing, which bypasses
the proxies that make AOL vandals so frustrating to deal with. (See There have been repeated
attempts at suggesting that the solution be implemented for enwiki as well,
accompanied by rumors that the server load would be too great. I could find no
bug filed on this, so I'm opening this to get an official answer on whether this
is possible.

Version: unspecified
Severity: normal


bzimport set Reference to bz6459.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Jun 27 2006, 4:05 AM

No changes are needed. already is able to all? projects.
Simply change the url from to and advertise it
properly. The same applies for other projects/languages.

robchur wrote:

Do *not* advertise this for general use; the box handling requests can't serve
the load. This is part of the reason we didn't advertise it for general use when
it was set up.

Actually, we're already advertising it to users hit by AOL blocks, or at least
to those among them who take the time to read [[Wikipedia:Advice_to_AOL_users]]
(linked to from [[MediaWiki:Blockedtext]] on enwiki) all the way to the end.

robchur wrote:

Very carefully re-read my sentence and note the "for general use" clause. If
that's been there so far and the load hasn't killed the box in question, then we
can deduce there's no problem, or that AOL users can't read.

Sure. I wasn't trying to argue with you, Rob, just comment on the current
situation. Your deduction seems sound to me, too. :)

ayg wrote:

Well, this request was for a secure server such that all AOL users could be
blocked from editing over insecure servers. Apparently, from what Rob says,
they can't yet, so is this actually FIXED?

More broadly, I think we'd want an automatic redirect to secure servers for AOL
users, which I assume would require a software change. Ideal behavior would be:
AOL anon sees something he wants to edit, clicks Edit, gets invisibly redirected
to, and happily edits away, from his
perspective indistinguishably from any other user unless he happens to glance at
the URL. Is this Wikimedia, MediaWiki, or some freakish mutant hybrid of both?

Maybe AOL support X_FORWARDED_FOR header ? That might solve the issue.

ayg wrote:

(In reply to comment #7)

Maybe AOL support X_FORWARDED_FOR header ?

[[w:Wikipedia:Dealing with AOL vandals]] says it doesn't. As far as I know
(could be wrong), AOL uses proxies the way it does explicitly for the "privacy"
of its users, so that makes sense.

Add Comment