Require SSL for AOL users on enwiki
Closed, ResolvedPublic

Description

Author: ayg

Description:
Wiktionary now requires all AOL users to use SSL when editing, which bypasses
the proxies that make AOL vandals so frustrating to deal with. (See
http://en.wiktionary.org/wiki/Wiktionary:AOL.) There have been repeated
attempts at suggesting that the solution be implemented for enwiki as well,
accompanied by rumors that the server load would be too great. I could find no
bug filed on this, so I'm opening this to get an official answer on whether this
is possible.


Version: unspecified
Severity: normal

bzimport added a subscriber: Unknown Object (MLST).
bzimport set Reference to bz6459.
bzimport created this task.Via LegacyJun 27 2006, 4:05 AM
Platonides added a comment.Via ConduitJun 28 2006, 11:13 AM

No changes are needed. Secure.wikimedia.org already is able to all? projects.
Simply change the url from
https://secure.wikimedia.org/wiktionary/en/wiki/Main_Page to
https://secure.wikimedia.org/wikipedia/en/wiki/Main_Page and advertise it
properly. The same applies for other projects/languages.

bzimport added a comment.Via ConduitJun 28 2006, 1:44 PM

robchur wrote:

Do *not* advertise this for general use; the box handling requests can't serve
the load. This is part of the reason we didn't advertise it for general use when
it was set up.

Ilmari_Karonen added a comment.Via ConduitJun 28 2006, 1:50 PM

Actually, we're already advertising it to users hit by AOL blocks, or at least
to those among them who take the time to read [[Wikipedia:Advice_to_AOL_users]]
(linked to from [[MediaWiki:Blockedtext]] on enwiki) all the way to the end.

bzimport added a comment.Via ConduitJun 28 2006, 1:51 PM

robchur wrote:

Very carefully re-read my sentence and note the "for general use" clause. If
that's been there so far and the load hasn't killed the box in question, then we
can deduce there's no problem, or that AOL users can't read.

Ilmari_Karonen added a comment.Via ConduitJun 28 2006, 1:56 PM

Sure. I wasn't trying to argue with you, Rob, just comment on the current
situation. Your deduction seems sound to me, too. :)

bzimport added a comment.Via ConduitJun 28 2006, 6:20 PM

ayg wrote:

Well, this request was for a secure server such that all AOL users could be
blocked from editing over insecure servers. Apparently, from what Rob says,
they can't yet, so is this actually FIXED?

More broadly, I think we'd want an automatic redirect to secure servers for AOL
users, which I assume would require a software change. Ideal behavior would be:
AOL anon sees something he wants to edit, clicks Edit, gets invisibly redirected
to https://en.wikipedia.org/wiki/..., and happily edits away, from his
perspective indistinguishably from any other user unless he happens to glance at
the URL. Is this Wikimedia, MediaWiki, or some freakish mutant hybrid of both?

hashar added a comment.Via ConduitJun 28 2006, 6:41 PM

Maybe AOL support X_FORWARDED_FOR header ? That might solve the issue.

http://meta.wikimedia.org/wiki/XFF_project

bzimport added a comment.Via ConduitJun 28 2006, 6:43 PM

ayg wrote:

(In reply to comment #7)

Maybe AOL support X_FORWARDED_FOR header ?

[[w:Wikipedia:Dealing with AOL vandals]] says it doesn't. As far as I know
(could be wrong), AOL uses proxies the way it does explicitly for the "privacy"
of its users, so that makes sense.

Add Comment