Last modified: 2006-06-28 18:43:37 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T8459, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 6459 - Require SSL for AOL users on enwiki
Require SSL for AOL users on enwiki
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
General/Unknown (Other open bugs)
unspecified
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
: shell
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-06-27 04:05 UTC by Aryeh Gregor (not reading bugmail, please e-mail directly)
Modified: 2006-06-28 18:43 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-06-27 04:05:29 UTC
Wiktionary now requires all AOL users to use SSL when editing, which bypasses
the proxies that make AOL vandals so frustrating to deal with.  (See
http://en.wiktionary.org/wiki/Wiktionary:AOL.)  There have been repeated
attempts at suggesting that the solution be implemented for enwiki as well,
accompanied by rumors that the server load would be too great.  I could find no
bug filed on this, so I'm opening this to get an official answer on whether this
is possible.
Comment 1 Platonides 2006-06-28 11:13:40 UTC
No changes are needed. Secure.wikimedia.org already is able to all? projects.
Simply change the url from
https://secure.wikimedia.org/wiktionary/en/wiki/Main_Page to
https://secure.wikimedia.org/wikipedia/en/wiki/Main_Page and advertise it
properly. The same applies for other projects/languages.

Comment 2 Rob Church 2006-06-28 13:44:53 UTC
Do *not* advertise this for general use; the box handling requests can't serve
the load. This is part of the reason we didn't advertise it for general use when
it was set up.
Comment 3 Ilmari Karonen 2006-06-28 13:50:09 UTC
Actually, we're already advertising it to users hit by AOL blocks, or at least
to those among them who take the time to read [[Wikipedia:Advice_to_AOL_users]]
(linked to from [[MediaWiki:Blockedtext]] on enwiki) all the way to the end.
Comment 4 Rob Church 2006-06-28 13:51:54 UTC
Very carefully re-read my sentence and note the "for general use" clause. If
that's been there so far and the load hasn't killed the box in question, then we
can deduce there's no problem, or that AOL users can't read.
Comment 5 Ilmari Karonen 2006-06-28 13:56:23 UTC
Sure.  I wasn't trying to argue with you, Rob, just comment on the current
situation.  Your deduction seems sound to me, too.  :)
Comment 6 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-06-28 18:20:05 UTC
Well, this request was for a secure server such that all AOL users could be
blocked from editing over insecure servers.  Apparently, from what Rob says,
they can't yet, so is this actually FIXED?

More broadly, I think we'd want an automatic redirect to secure servers for AOL
users, which I assume would require a software change.  Ideal behavior would be:
AOL anon sees something he wants to edit, clicks Edit, gets invisibly redirected
to https://en.wikipedia.org/wiki/..., and happily edits away, from his
perspective indistinguishably from any other user unless he happens to glance at
the URL.  Is this Wikimedia, MediaWiki, or some freakish mutant hybrid of both?
Comment 7 Antoine "hashar" Musso (WMF) 2006-06-28 18:41:17 UTC
Maybe AOL support X_FORWARDED_FOR header ? That might solve the issue.

http://meta.wikimedia.org/wiki/XFF_project
Comment 8 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-06-28 18:43:37 UTC
(In reply to comment #7)
> Maybe AOL support X_FORWARDED_FOR header ?

[[w:Wikipedia:Dealing with AOL vandals]] says it doesn't.  As far as I know
(could be wrong), AOL uses proxies the way it does explicitly for the "privacy"
of its users, so that makes sense.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links