Last modified: 2005-09-18 12:09:17 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T3590, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 1590 - IP address logging for anonymous users uses Proxy address
IP address logging for anonymous users uses Proxy address
Status: RESOLVED DUPLICATE of bug 843
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
unspecified
All All
: Normal enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-25 14:02 UTC by Julian Bond
Modified: 2005-09-18 12:09 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Julian Bond 2005-02-25 14:02:37 UTC
It appears that the IP address logging for anonymous users and appearing in
things like the history page is potentially using Proxy web server IP addresses
and not the actual source IP address. Many ISPs now use transparent proxy
servers to save bandwidth with the effect that this IP may be shared by a large
number of more or less temporary users. Properly configured Proxies should pass
back headers indicating the source IP and this should be captured and used.
Typically this will be in the HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP headers.
Comment 1 River Tarnell 2005-02-25 14:04:09 UTC
we cannot blindly trust X-F-F or any other client-supplied header.  every
legitimate ISP proxy would have to be verified and added by hand as well as
maintained as each ISP's topology changes.  i'm not sure this is feasible...
Comment 2 Tom Moitié 2005-08-07 20:00:13 UTC
This simple section of PHP gets a users IP address every time. Whether there is
a cache server, proxy server or anything else.
function getip() {
   if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
   $ip = getenv("HTTP_CLIENT_IP");

   else if (getenv("HTTP_X_FORWARDED_FOR") &&
strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
   $ip = getenv("HTTP_X_FORWARDED_FOR");

   else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
   $ip = getenv("REMOTE_ADDR");

   else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] &&
strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
   $ip = $_SERVER['REMOTE_ADDR'];

   else
   $ip = "unknown";

   return($ip);
}

It has never gone wrong at all.
Comment 3 Zigger 2005-09-18 12:09:17 UTC
See also bug 2856.

*** This bug has been marked as a duplicate of 843 ***

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links