Last modified: 2011-01-25 01:45:35 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T16700, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 14700 - Add Opera Mini Browser IP range to the list of trusted XFF headers
Add Opera Mini Browser IP range to the list of trusted XFF headers
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
Site requests (Other open bugs)
unspecified
All All
: Normal enhancement with 1 vote (vote)
: ---
Assigned To: Nobody - You can work on this!
: shell
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-07-01 22:34 UTC by Thatcher
Modified: 2011-01-25 01:45 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Thatcher 2008-07-01 22:34:27 UTC
The Opera Mini broswer for mobile devices funnels all edits through two ranges, 91.203.96.0/22 and 195.189.142.0/23. For users of the full version of the program, Opera forwards xff headers indicating the real IP of the user.  For users of the demo version, the xff headers only contain Opera's IPs.  This makes the demo version effectively an open proxy, and both ranges have been blocked on enwiki for this reason, blocking all editors who use the device.  If the Opera Mini IPs were added to the list of trusted xff forwarders, my understanding is that blocking the IP range would only affect users of the demo, while users of the full version would be recorded as coming from their home IP and would not be affected by IP blocks on the ranges.
Comment 1 Aryeh Gregor (not reading bugmail, please e-mail directly) 2008-07-01 22:37:49 UTC
Are these ranges known to be static and reliable, and unlikely to change behavior in the future (e.g. by adding anonymous proxy functionality for paid subscribers or something like that)?
Comment 2 Thatcher 2008-07-01 22:58:33 UTC
I can't give an informed answer to that.  Probably someone should contact Opera.  I dislike blocking the range while we wait for them to contact us.  Checkuser returns an error message (too many edits) when checking the range, so there are a lot of edits coming from there.
Comment 3 Thatcher 2008-07-02 07:32:48 UTC
Actually, is that concern relevant?  If Opera started a pad proxy service, then either it would be transparent and continue to forward the originating IP, or it would be anonymous.  If anonymous, then a block on the Opera Mini range would block users of the demo and users of the proxy service, while not affecting users of the full version, which seems to me to be the correct result anyway.
Comment 5 Aryeh Gregor (not reading bugmail, please e-mail directly) 2008-07-02 13:59:10 UTC
(In reply to comment #3)
> Actually, is that concern relevant?  If Opera started a pad proxy service, then
> either it would be transparent and continue to forward the originating IP, or
> it would be anonymous.  If anonymous, then a block on the Opera Mini range
> would block users of the demo and users of the proxy service, while not
> affecting users of the full version, which seems to me to be the correct result
> anyway.

What if the IP ranges got rejiggered and Opera started using the range for their employees' personal computers, moving the proxies to some other range?  They could do that at any time, unless they give a guarantee to the contrary.  Then their employees could set their IP addresses on Wikipedia to anything they liked, by manually adding XFF headers.
Comment 6 Chad H. 2009-12-10 14:13:11 UTC
Closing this as FIXED. Tim's already put a lot of Opera Mini proxies into the TrustedXFF list.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links