Last modified: 2006-06-28 18:43:37 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 6459 - Require SSL for AOL users on enwiki
Require SSL for AOL users on enwiki
Product: Wikimedia
Classification: Unclassified
General/Unknown (Other open bugs)
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
: shell
Depends on:
  Show dependency treegraph
Reported: 2006-06-27 04:05 UTC by Aryeh Gregor (not reading bugmail, please e-mail directly)
Modified: 2006-06-28 18:43 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Description Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-06-27 04:05:29 UTC
Wiktionary now requires all AOL users to use SSL when editing, which bypasses
the proxies that make AOL vandals so frustrating to deal with.  (See  There have been repeated
attempts at suggesting that the solution be implemented for enwiki as well,
accompanied by rumors that the server load would be too great.  I could find no
bug filed on this, so I'm opening this to get an official answer on whether this
is possible.
Comment 1 Platonides 2006-06-28 11:13:40 UTC
No changes are needed. already is able to all? projects.
Simply change the url from to and advertise it
properly. The same applies for other projects/languages.

Comment 2 Rob Church 2006-06-28 13:44:53 UTC
Do *not* advertise this for general use; the box handling requests can't serve
the load. This is part of the reason we didn't advertise it for general use when
it was set up.
Comment 3 Ilmari Karonen 2006-06-28 13:50:09 UTC
Actually, we're already advertising it to users hit by AOL blocks, or at least
to those among them who take the time to read [[Wikipedia:Advice_to_AOL_users]]
(linked to from [[MediaWiki:Blockedtext]] on enwiki) all the way to the end.
Comment 4 Rob Church 2006-06-28 13:51:54 UTC
Very carefully re-read my sentence and note the "for general use" clause. If
that's been there so far and the load hasn't killed the box in question, then we
can deduce there's no problem, or that AOL users can't read.
Comment 5 Ilmari Karonen 2006-06-28 13:56:23 UTC
Sure.  I wasn't trying to argue with you, Rob, just comment on the current
situation.  Your deduction seems sound to me, too.  :)
Comment 6 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-06-28 18:20:05 UTC
Well, this request was for a secure server such that all AOL users could be
blocked from editing over insecure servers.  Apparently, from what Rob says,
they can't yet, so is this actually FIXED?

More broadly, I think we'd want an automatic redirect to secure servers for AOL
users, which I assume would require a software change.  Ideal behavior would be:
AOL anon sees something he wants to edit, clicks Edit, gets invisibly redirected
to, and happily edits away, from his
perspective indistinguishably from any other user unless he happens to glance at
the URL.  Is this Wikimedia, MediaWiki, or some freakish mutant hybrid of both?
Comment 7 Antoine "hashar" Musso (WMF) 2006-06-28 18:41:17 UTC
Maybe AOL support X_FORWARDED_FOR header ? That might solve the issue.
Comment 8 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-06-28 18:43:37 UTC
(In reply to comment #7)
> Maybe AOL support X_FORWARDED_FOR header ?

[[w:Wikipedia:Dealing with AOL vandals]] says it doesn't.  As far as I know
(could be wrong), AOL uses proxies the way it does explicitly for the "privacy"
of its users, so that makes sense.

Note You need to log in before you can comment on or make changes to this bug.