Tor and "X-Forwarded-For"


freakofnurture
Hello sirs. I've been in communication with a user who feels that my block of his IP address is inappropriate. E-mail correspondence follows.

----
On 3/21/06, Wwwwolf wrote:

Hello,

213.216.199.14 (Tuira-P1.suomi.net) is currently blocked, with the reasoning being that it's suspected to be an open proxy.

This is indeed a proxy (but not an open one - or at least it's not *supposed* to be, I think), used by my ISP (Oulun Puhelin Oy, a.k.a. Oulu Telephone Company, Oulu, Finland). The thing is, it's a transparent proxy that the ISP uses by default, and I'm not aware of any way for the users to disable it (aside of using any other port besides 80, of course).

The proxy has been blocked a few times before on fi.wikipedia for vandalism. The host name suggests it's a proxy for the users of Tuira region in Oulu, and since I'm not that close to Tuira, I take an educated guess it handles a huge chunk of the  northern Oulu (remember, I'm not really that familiar with the ISP's inner working, just guesses). I'd *hate* to drag every luser in this big neighborhood out of their homes and ask them nicely, with a baseball bat, if they have been adding crap to WP. There *has* to be a nicer solution to this than that, right?

There's an unrepentant vandal in the neighborhood. What a scary thought. Maybe I should move to Siberia. Meanwhile, maybe I need to edit from the university =(

----
On 3/22/06, freakofnurture wrote:

If what you said was true, I would not have been able to perform this edit through it:

http://en.wikipedia.org/w/index.php?title=Wikipedia:Sandbox&diff=prev&oldid=44333667

Sorry, your IP is a Tor proxy.

----
On 3/22/06, Wwwwolf wrote:

All right, so my guess is there's some Bloody Idiot in the neighborhood who runs a Tor node, 80/tcp traffic comes out of that host and gets intercepted and forwarded by the ISP's proxy (that *every* customer is forced to use, I remind you again).

In other words, the blocked IP is, in my educated guess, *not* the Tor node. It just unwittingly hides a Tor node behind it.

So what exactly are we going to do here? Call the ISP (who are a Phone Company, I remind you again) and ask them to remind people that running Tor is very, very stupid because it makes the rest of the customers unable to edit Wikipedia? Or ask them to take fascist measures to make people not run Tor exit points from home? Or move to Siberia; goodbye, cruel world?

I'm not questioning the wisdom of blocking the thing if Tor traffic really goes through here; all I'm saying is this causes a lot of collateral damage. And what am I supposed to do now? Look like a Chinese dissident and use Privoxy, the most incomprehensible program devised by mankind since the advent of Sendmail? I would rather not try to specifically avoid IP bans even if I'm supposedly the innocent party.

----
On 3/22/06, Wwwwolf wrote:

Still on the open proxy issue:

It seems that the proxy does provide a valid X-Forwarded-For header. I made a small script on my web host that spits out the HTTP remote address and X-Forwarded-For header, and got 213.216.199.14 (Tuira-P1.suomi.net) and 82.128.217.58 (addr-82-128-217-58.suomi.net) respectively, the latter of which appears to be my correct IP.

Now please don't tell me Mediawiki can't block based on X-Forwarded-For. This is the year 2006, after all... =)

----
[end of correspondence]
----

So, I'm wondering whether this is a shaggy dog story, or blatant trolling, or possibly an alibi with plausible technical merit. I was about to post this to [[WP:BJAODN]], but a fellow administrator referred me to this list. All I know is... if *I* was able to make a sandbox edit of "Tor proxy ~~~~" using his IP, anybody could just as easily use the IP for abusive purposes. Suffice it to say I don't know what to tell the guy.

--freakofnurture

Re: Tor and "X-Forwarded-For"

Rich Morin
At 10:58 AM -0800 3/22/06, freakofnurture wrote:
> Meanwhile, maybe I need to edit from the university =(

You may be able to edit _through_ the university, by means
of SSH port forwarding.

-r
--
http://www.cfcl.com/rdm            Rich Morin
http://www.cfcl.com/rdm/resume     [hidden email]
http://www.cfcl.com/rdm/weblog     +1 650-873-7841

Technical editing and writing, programming, and web development
_______________________________________________
Wikitech-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/wikitech-l

Re: Tor and "X-Forwarded-For"

Jay Ashworth-2
In reply to this post by freakofnurture
On Wed, Mar 22, 2006 at 10:58:30AM -0800, freakofnurture wrote:
> So, I'm wondering whether this is a shaggy dog story, or blatant trolling,
> or possibly an alibi with plausible technical merit. I was about to post
> this to [[WP:BJAODN]], but a fellow administrator referred me to this list.
> All I know is... if *I* was able to make a sandbox edit of "Tor proxy ~~~~"
> using his IP, anybody could just as easily use the IP for abusive purposes.
> Suffice it to say I don't know what to tell the guy.

Well, for what my opinion is worth (I'm not a Wikimedia admin, but I've
been on the net for about 23 years) the writer doesn't sound like a) an
idiot, or b) a kook.  He may be slightly uninformed technically (though
I'm not sure I even think that), but...

Let me make sure I'm following your perception: he says the HTTP proxy
which is blocked a) isn't his, b) isn't easily avoidable  c) causes
collateral damage and d) is "safe", and you believe one or more of
those assertions to be factually inaccurate?

Cheers,
-- jra
--
Jay R. Ashworth                                                [hidden email]
Designer                          Baylink                             RFC 2100
Ashworth & Associates        The Things I Think                        '87 e24
St Petersburg FL USA      http://baylink.pitas.com             +1 727 647 1274

     A: Because it messes up the order in which people normally read text.
     Q: Why is top-posting such a bad thing?
     
     A: Top-posting.
     Q: What is the most annoying thing on Usenet and in e-mail?

Re: Tor and "X-Forwarded-For"

Ilmari Karonen
In reply to this post by freakofnurture
freakofnurture wrote:

> ----
> On 3/22/06, Wwwwolf wrote:
>
> All right, so my guess is there's some Bloody Idiot in the neighborhood who
> runs a Tor node, 80/tcp traffic comes out of that host and gets intercepted
> and forwarded by the ISP's proxy (that *every* customer is forced to use, I
> remind you again).
>
> In other words, the blocked IP is, in my educated guess, *not* the Tor node.
> It just unwittingly hides a Tor node behind it.

This sounds quite plausible.  I've encountered a similar situation with
213.42.2.11 and 213.42.2.21, which are proxies used by a large ISP in
the United Arab Emirates.  Some customer of that ISP apparently has a
proxy trojan on their computer, and so we keep getting open proxy
vandalism from those IPs, which can't be blocked without major
collateral damage.

I believe MediaWiki does have a list of "known" proxies that can be
trusted to supply a valid X-Forwarded-For header.  As the whois records
for 213.216.199.14 seem legit, and the proxy appears to provide the
necessary headers, I personally see no reason not to add it to the list.

--
Ilmari Karonen

Re: Tor and "X-Forwarded-For"

freakofnurture
In reply to this post by Jay Ashworth-2
Jay R. Ashworth wrote:
> Well, for what my opinion is worth (I'm not a Wikimedia admin, but I've
> been on the net for about 23 years) the writer doesn't sound like a) an
> idiot, or b) a kook.  He may be slightly uninformed technically (though
> I'm not sure I even think that), but...
>
> Let me make sure I'm following your perception: he says the HTTP proxy
> which is blocked a) isn't his, b) isn't easily avoidable  c) causes
> collateral damage and d) is "safe", and you believe one or more of
> those assertions to be factually inaccurate?

a) I am assuming that mr. wwwwolf is in fact a legitimate user of the ISP that he describes.
b) I am assuming this is his only ISP, i.e., he doesn't have access to an alternate ISP for purposes of editing wikipedia.
c) I have, at this time, no reason to believe he's a vandal, therefore I assume denial of service to him would be considered collateral damage, yes.
d) I know for a fact that anybody in the world can configure his or her web browser to use his IP address (213.216.199.14, just as I did in the [[Wikipedia:Sandbox]] to find out [1] what the IP was, and [2] whether or not it had already been blocked) without any authentication or accountability whatsoever, so I would not consider it "safe" by any means.

I count 3 out of 4 to be inaccurate.

--freakofnurture

Re: Tor and "X-Forwarded-For"

freakofnurture
In reply to this post by Ilmari Karonen
Ilmari Karonen wrote:
> This sounds quite plausible.  I've encountered a similar situation with
> 213.42.2.11 and 213.42.2.21, which are proxies used by a large ISP in
> the United Arab Emirates.  Some customer of that ISP apparently has a
> proxy trojan on their computer, and so we keep getting open proxy
> vandalism from those IPs, which can't be blocked without major
> collateral damage.
>
> I believe MediaWiki does have a list of "known" proxies that can be
> trusted to supply a valid X-Forwarded-For header.  As the whois records
> for 213.216.199.14 seem legit, and the proxy appears to provide the
> necessary headers, I personally see no reason not to add it to the list.

So what should I tell the guy?

--freakofnurture

Re: Tor and "X-Forwarded-For"

Tim Starling
freakofnurture wrote:

>
> Ilmari Karonen wrote:
>
>>This sounds quite plausible.  I've encountered a similar situation with
>>213.42.2.11 and 213.42.2.21, which are proxies used by a large ISP in
>>the United Arab Emirates.  Some customer of that ISP apparently has a
>>proxy trojan on their computer, and so we keep getting open proxy
>>vandalism from those IPs, which can't be blocked without major
>>collateral damage.
>>
>>I believe MediaWiki does have a list of "known" proxies that can be
>>trusted to supply a valid X-Forwarded-For header.  As the whois records
>>for 213.216.199.14 seem legit, and the proxy appears to provide the
>>necessary headers, I personally see no reason not to add it to the list.
>>
>
> So what should I tell the guy?

I have added 213.216.199.14 to the list. I recently documented Wikipedia's X-Forwarded-For setup, at:

http://meta.wikimedia.org/wiki/XFF_project

I would appreciate some help in advertising that meta page on Wikipedia, could you add links
wherever it's relevant? Requests for adding proxies to the list can be made on the talk page, or to
me by email.

-- Tim Starling


Re: Tor and "X-Forwarded-For"

Jay Ashworth-2
In reply to this post by freakofnurture
On Wed, Mar 22, 2006 at 06:24:13PM -0800, freakofnurture wrote:

> Jay R. Ashworth wrote:
> > Well, for what my opinion is worth (I'm not a Wikimedia admin, but I've
> > been on the net for about 23 years) the writer doesn't sound like a) an
> > idiot, or b) a kook.  He may be slightly uninformed technically (though
> > I'm not sure I even think that), but...
> >
> > Let me make sure I'm following your perception: he says the HTTP proxy
> > which is blocked a) isn't his, b) isn't easily avoidable  c) causes
> > collateral damage and d) is "safe", and you believe one or more of
> > those assertions to be factually inaccurate?
>
> a) I am assuming that mr. wwwwolf is in fact a legitimate user of the ISP
> that he describes.
> b) I am assuming this is his only ISP, i.e., he doesn't have access to an
> alternate ISP for purposes of editing wikipedia.
> c) I have, at this time, no reason to believe he's a vandal, therefore I
> assume denial of service to him would be considered collateral damage, yes.
> d) I know for a fact that anybody in the world can configure his or her web
> browser to use his IP address (213.216.199.14, just as I did in the
> [[Wikipedia:Sandbox]] to find out [1] what the IP was, and [2] whether or
> not it had already been blocked) without any authentication or
> accountability whatsoever, so I would not consider it "safe" by any means.
>
> I count 3 out of 4 to be inaccurate.

Ok.  Clearly I read you backwards.

So your problem is that his ISP doesn't limit use of their proxy to
their own customers, then?  If that's the case, and, as he notes, it's
unlikely to be possible to make them change it (though you never know),
then it does appear to be a dilemma.

If the situation occurs often (ISP-run open proxies which must be
edit-blocked), then perhaps a redirect to a "your ISP runs an open
HTTP proxy at $IP_ADDRESS; if you want to contribute, you'll need to
find a different way to get here, or pressure them to restrict the
proxy to only their customers" page might be hacked in...

Cheers,
-- jra
--
Jay R. Ashworth                                                [hidden email]
Designer                          Baylink                             RFC 2100
Ashworth & Associates        The Things I Think                        '87 e24
St Petersburg FL USA      http://baylink.pitas.com             +1 727 647 1274

     A: Because it messes up the order in which people normally read text.
     Q: Why is top-posting such a bad thing?
     
     A: Top-posting.
     Q: What is the most annoying thing on Usenet and in e-mail?

Re: Tor and "X-Forwarded-For"

Phil Boswell
In reply to this post by Tim Starling
Tim Starling wrote:
> I recently documented Wikipedia's X-Forwarded-For setup, at:
>
> http://meta.wikimedia.org/wiki/XFF_project
>
> I would appreciate some help in advertising that meta page on Wikipedia, could you add links
> wherever it's relevant? Requests for adding proxies to the list can be made on the talk page, or to
> me by email.

So when someone is blocked because they are working through an open proxy, do we currently inform them of the admirable "XFF Project"?

Should we?
--
Phil

Re: Tor and "X-Forwarded-For"

Ilmari Karonen
Phil Boswell wrote:
> Tim Starling wrote:
>
>>I recently documented Wikipedia's X-Forwarded-For setup, at:
>>
>>http://meta.wikimedia.org/wiki/XFF_project
>>
>>I would appreciate some help in advertising that meta page on Wikipedia,
>>could you add links wherever it's relevant? Requests for adding proxies
>>to the list can be made on the talk page, or to me by email.
>
> So when someone is blocked because they are working through an open proxy,
> do we currently inform them of the admirable "XFF Project"?
>
> Should we?

Most open proxies are not ones we could ever trust to provide reliable
XFF headers.  The feature is mostly useful for ISPs and other
organizations that force their users to pass all HTTP traffic through
their own (closed) proxies.

It might be useful to add a mention to the {{SharedIP}} template.  To
make the change effective, we'd also need to have a bot fix all the
substed instances of that template.

--
Ilmari Karonen

Re: Tor and "X-Forwarded-For"

Phil Boswell
Ilmari Karonen wrote:
> Phil Boswell wrote:
> [snip]
>> So when someone is blocked because they are working through an open proxy,
>> do we currently inform them of the admirable "XFF Project"?
>> Should we?
> It might be useful to add a mention to the {{SharedIP}} template.  To
> make the change effective, we'd also need to have a bot fix all the
> substed instances of that template.

This is where I manfully suppress my opinion of the mad rush to SUBSTitute every damn template on the wiki...

Does anyone recall what the actual point of having templates was?

Oh yes: so we could update stuff in a single place and have it propagate automatically.

ObSheesh: sheesh!
--
Phil

Re: Tor and "X-Forwarded-For"

Gregory Price-3
In reply to this post by freakofnurture
On 3/22/06, freakofnurture <[hidden email]> wrote:
> On 3/22/06, freakofnurture wrote:
>
> If what you said was true, I would not have been able to perform this edit
> through it:
>
> http://en.wikipedia.org/w/index.php?title=Wikipedia:Sandbox&diff=prev&oldid=44333667
>
> Sorry, your IP is a Tor proxy.

Do you mean you fired up a Tor client, told it to make a route
with 213.216.199.14 as the exit node, and then made this edit?

Or did you use 213.216.199.14 as a straightforward web proxy?


> On 3/22/06, Wwwwolf wrote:
>
> All right, so my guess is there's some Bloody Idiot in the neighborhood who
> runs a Tor node, 80/tcp traffic comes out of that host and gets intercepted
> and forwarded by the ISP's proxy (that *every* customer is forced to use, I
> remind you again).
>
> In other words, the blocked IP is, in my educated guess, *not* the Tor node.
> It just unwittingly hides a Tor node behind it.

I think Wwwwolf has the right explanation here.
There's no Tor node at 213.216.199.14:
  http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?addr=1
but there are 82.128.216.214 and 82.128.214.254,
both near 82.128.217.58 and in the 82.128.128.0/17 block
owned by Oulu Telephone Company:
  http://serifos.eecs.harvard.edu/cgi-bin/whois.pl?q=82.128.216.214

Evidently the vandal is using one of those two as his exit node,
and the resulting traffic passes through the same ISP proxy
as the complaining user's traffic.

Glad XFF enables us to distinguish this guy's traffic
from the Tor-routed traffic.

Greg
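
An added sketch (not part of the original thread, and not MediaWiki's own code) of the trusted-proxy idea discussed above: the X-Forwarded-For header is honoured only when the connecting address is on the trusted list, and the chain is read right to left so that entries a client prepends are never believed. The block list and the 198.51.100.7 peer are constructed for illustration; the other addresses are the ones named in the thread.

```python
import ipaddress

# Constructed configuration built from the addresses named in the thread.
TRUSTED_PROXIES = frozenset({
    ipaddress.ip_address("213.216.199.14"),   # the ISP's transparent proxy
})
BLOCKED_NETWORKS = (                          # assumed block list for this sketch
    ipaddress.ip_network("82.128.216.214/32"),  # Tor exit behind the proxy
    ipaddress.ip_network("82.128.214.254/32"),  # Tor exit behind the proxy
)


def effective_client_ip(remote_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address a block should be evaluated against.

    Start from the TCP peer. While the current address is a trusted proxy,
    step to the right-most remaining X-Forwarded-For entry, because that is
    the entry the trusted proxy itself appended. Stop at the first address
    that is not trusted, or at an entry that does not parse.
    """
    ip = ipaddress.ip_address(remote_addr)
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    while ip in trusted and hops:
        try:
            candidate = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # "unknown", host:port, garbage: fall back to what we have
        ip = candidate
    return ip


def is_blocked(remote_addr, xff_header, blocked=BLOCKED_NETWORKS):
    """True if the effective client address falls inside a blocked network."""
    ip = effective_client_ip(remote_addr, xff_header)
    return any(ip in net for net in blocked)


# Constructed sample requests: (label, TCP peer address, X-Forwarded-For value).
SAMPLE_REQUESTS = [
    ("ISP customer via proxy",      "213.216.199.14", "82.128.217.58"),
    ("Tor exit via same proxy",     "213.216.199.14", "82.128.216.214"),
    ("forged entry prepended",      "213.216.199.14", "10.0.0.1, 82.128.216.214"),
    ("untrusted peer claiming XFF", "198.51.100.7",   "82.128.217.58"),
    ("unparseable XFF from proxy",  "213.216.199.14", "unknown"),
]


def evaluate(requests=SAMPLE_REQUESTS):
    """Return (label, effective address as text, blocked?) for each request."""
    return [
        (label, str(effective_client_ip(peer, xff)), is_blocked(peer, xff))
        for label, peer, xff in requests
    ]


if __name__ == "__main__":
    for label, ip, blocked in evaluate():
        print(f"{label:30} {ip:16} {'BLOCKED' if blocked else 'allowed'}")
```

The fourth sample is the reason the trusted list has to be curated by hand: a header from an address that is not on the list is ignored entirely, so only proxies known to report the real client can shift where a block lands.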

Re: Tor and "X-Forwarded-For"

freakofnurture
Gregory Price-3 wrote:
> Do you mean you fired up a Tor client, told it to make a route
> with 213.216.199.14 as the exit node, and then made this edit?

Yes, though I did not specifically seek to block that IP. I made several sandbox edits of the form "Tor proxy ~~~~", then exited from Tor, signed into my sysop account, and blocked the IPs, 213.216.199.14 being among them. If I was able to do that, vandals could have done so as well, in a more disruptive fashion, and editing actual articles rather than the sandbox.

--freakofnurture

Re: Tor and "X-Forwarded-For"

freakofnurture
In reply to this post by Jay Ashworth-2
Jay R. Ashworth wrote:
> If the situation occurs often (ISP-run open proxies which must be
> edit-blocked), then perhaps a redirect to a "your ISP runs an open
> HTTP proxy at $IP_ADDRESS; if you want to contribute, you'll need to
> find a different way to get here, or pressure them to restrict the
> proxy to only their customers" page might be hacked in...

Generally we block open proxies using the template {{openproxy}} in the block summary. This expands into a more thorough message when they read the "you are blocked" page. So any additional information that might be meaningful in this case should be added, or linked to from that template. This will retroactively change the message presented to anybody else who was blocked with the same reason summary, if they attempt to edit from the same IP again in the future.

--freakofnurture

Re: Tor and "X-Forwarded-For"

freakofnurture
In reply to this post by Rich Morin
Rich Morin wrote:
> At 10:58 AM -0800 3/22/06, freakofnurture wrote:
>> Meanwhile, maybe I need to edit from the university =(
>
> You may be able to edit _through_ the university, by means
> of SSH port forwarding.

If you can describe how to do this or provide a link to explain it, I can forward your message to Mr. Wwwwolf who made the complaint.

--freakofnurture

Re: Tor and "X-Forwarded-For"

freakofnurture
In reply to this post by Phil Boswell
Phil Boswell wrote:
> Ilmari Karonen wrote:
>> Phil Boswell wrote:
>> [snip]
>>> So when someone is blocked because they are working through an open proxy,
>>> do we currently inform them of the admirable "XFF Project"?
>>> Should we?
>> It might be useful to add a mention to the {{SharedIP}} template.  To
>> make the change effective, we'd also need to have a bot fix all the
>> substed instances of that template.
> This is where I manfully suppress my opinion of the mad rush to SUBSTitute every damn template on the wiki...
>
> Does anyone recall what the actual point of having templates was?
>
> Oh yes: so we could update stuff in a single place and have it propagate automatically.

The [[Template:Openproxy]] message that is placed on the IP's user_talk page is primarily for our own convenience, as it adds that IP to [[Category:Wikipedia:Blocked_open_proxies]]. We generally use the template call "{{openproxy}}" as the block summary, like this:
* 09:11, March 18, 2006 Freakofnurture blocked "213.216.199.14 (contribs)" with an expiry time of indefinite (Tor {{openproxy}})
When somebody attempts to edit from that IP, they are presented with the [[MediaWiki:Blockedtext]] page, and on this page, the "$2" is replaced by the block reason, which in this case expands into the _current_ revision of the {{openproxy}} template. So I don't think we need to run an "unsubsting bot" anytime soon. Especially whatever is on the user_talk will only be read by the first user of that IP who sees the orange "new messages" banner on their screen, and never again.

--freakofnurture

Re: Tor and "X-Forwarded-For"

Ilmari Karonen
freakofnurture wrote:

> Phil Boswell wrote:
>>Ilmari Karonen wrote:
>>>
>>>It might be useful to add a mention to the {{SharedIP}} template.  To
>>>make the change effective, we'd also need to have a bot fix all the
>>>substed instances of that template.
>>
>>This is where I manfully suppress my opinion of the mad rush to SUBSTitute
>>every damn template on the wiki...
>>Does anyone recall what the actual point of having templates was?
>>Oh yes: so we could update stuff in a single place and have it propagate
>>automatically.
>
> The [[Template:Openproxy]] message that is placed on the IP's user_talk page
> is primarily for our own convenience, as it adds that IP to
> [[Category:Wikipedia:Blocked_open_proxies]]. We generally use the template
> call "{{openproxy}}" as the block summary, like this:
> * 09:11, March 18, 2006 Freakofnurture blocked "213.216.199.14 (contribs)"
> with an expiry time of indefinite (Tor {{openproxy}})
> When somebody attempts to edit from that IP, they are presented with the
> [[MediaWiki:Blockedtext]] page, and on this page, the "$2" is replaced by
> the block reason, which in this case expands into the _current_ revision of
> the {{openproxy}} template. So I don't think we need to run an "unsubsting
> bot" anytime soon. Especially whatever is on the user_talk will only be read
> by the first user of that IP who sees the orange "new messages" banner on
> their screen, and never again.

I think you've got your templates mixed up above.  {{SharedIP}} is the
"This IP address is shared by multiple users." template, used on talk
pages of IPs that should not be blocked for long periods.  It's the
generic template from which {{AOL}} was forked.  I agree with Phil that
it shouldn't be substed, but the folks at [[Wikipedia:Template
substitution]] seem to think otherwise.

--
Ilmari Karonen

Re: Tor and "X-Forwarded-For"

freakofnurture
Ilmari Karonen wrote:
> I think you've got your templates mixed up above.  {{SharedIP}} is the
> "This IP address is shared by multiple users." template, used on talk
> pages of IPs that should not be blocked for long periods.  It's the
> generic template from which {{AOL}} was forked.  I agree with Phil that
> it shouldn't be substed, but the folks at [[Wikipedia:Template
> substitution]] seem to think otherwise.

I suppose you're right about the mixup, but since the issue involves IPs that are indefinitely blocked, any relevant information could be added instead to the {{openproxy}} template, and any other templates used in cases where it's necessary to block an IP indefinitely or for an unusually long duration. Again, the block message gets viewed every time somebody tries to edit, while the IP's talk page (generally) only gets viewed when somebody clicks the "new messages link" due to a new message, which might include a vandal warning, or the addition of a specific block notice, indefinite or otherwise. Note that when one is editing (or attempting to edit) anonymously, he/she doesn't have a "My talk" link up in the top right as one would when signed in.

--freakofnurture

Re: Tor and "X-Forwarded-For"

Ilmari Karonen
freakofnurture wrote:

> Ilmari Karonen wrote:
>
>>I think you've got your templates mixed up above.  {{SharedIP}} is the
>>"This IP address is shared by multiple users." template, used on talk
>>pages of IPs that should not be blocked for long periods.  It's the
>>generic template from which {{AOL}} was forked.  I agree with Phil that
>>it shouldn't be substed, but the folks at [[Wikipedia:Template
>>substitution]] seem to think otherwise.
>
> I suppose you're right about the mixup, but since the issue involves IPs
> that are indefinitely blocked, any relevant information could be added
> instead to the {{openproxy}} template, and any other templates used in cases
> where it's necessary to block an IP indefinitely or for an unusually long
> duration.

Actually, the XFF issue affects temporary blocks too.  That's why we
have the big "Read this part!" notice in [[MediaWiki:Blockiptext]].

I see, for example, that the *.singnet.sg proxies have been added to the
"trusted" list.  That's a very good thing, since there's a lot of petty
vandalism from that range that used to be nearly impossible to block
without massive collateral damage.  Unfortunately AOL still doesn't
provide XFF headers.  :-(

Actually, [[MediaWiki:Blockiptext]] is probably one place where this
also ought to be advertised.

--
Ilmari Karonen

Re: Tor and "X-Forwarded-For"

Ilmari Karonen
Ilmari Karonen wrote:
>
> Actually, [[MediaWiki:Blockiptext]] is probably one place where this
> also ought to be advertised.

...done.  Improvements welcome.

Should there be some specific place where admins can report ISP proxies
so that a developer can check them, with a list of proxies that have
already been checked and found wanting?  An admin doing vandal blocking
generally can't tell if a proxy provides XFF headers or not, but I
understand that the headers are logged in the database where developers
(and those with CheckUser privs?) can access them.

--
Ilmari Karonen