Talk:XFF project/Archives/2007

From Meta, a Wikimedia project coordination wiki

XFF IP limitations

Does this system have a sort of safety feature, for the event that someone is misusing (think malicious person controlling a proxy server due to exploits or the like) one of these proxy servers, in which their hidden XFF IP is limited to a range?

  1. To be clear, a limitation such as 212.113.164.97 (the first one on the list) can only forward IPs of 212.113.160.0/24, and nothing else. That way if one of these proxy servers is compromised, which could happen, someone cannot just spoof the IP to anything they feel like; they'd be limited to a pre-determined range which could be blocked then traced back to the proxy server that is compromised. 4.181.9.203 03:18, 12 July 2006 (UTC)

We have a log of X-Forwarded-For headers for POST requests which can be used to investigate any claim of IP address spoofing. -- Tim Starling 17:07, 20 February 2007 (UTC)

Qtel proxies

The Qtel proxy 82.148.97.69 was recently the subject of much controversy (see en:User talk:82.148.97.69). I notice that two other addresses from the same block appear to be on the XFF list:

 82.148.97.67  proxy.qatar.net.qa
 82.148.97.68  proxy.qatar.net.qa

Both of these reverse-lookup to proxy.qatar.net.qa. However, 82.148.97.69, although it is numerically the next IP address in sequence, does not have a PTR record at all.

If 82.148.97.69 is also XFF-enabled, and can be trusted as being run by the ISP itself, could it also be added to the XFF list? Perhaps this needs someone from the XFF project to get in touch with Qtel to confirm this, and Qtel themselves to set up a PTR record? -- The Anome 15:09, 8 January 2007 (UTC)

82.148.97.69 is not giving XFF headers. -- Tim Starling 19:52, 18 February 2007 (UTC)

TPG Internet

I noticed that TPG Internet is on the trusted XFF list, however, some of their proxies are missing from the listing. A full list of their proxies is available at http://forums.whirlpool.net.au/forum-replies-archive.cfm/493725.html. These proxies all correctly send the X-Forwarded-For header. -- Daniel15 13:42, 10 April 2007 (UTC)

usage

Can MediaWiki installations other than Wikipedia check/block by XFF? If so, how is this achieved? --Hexvoodoo 06:46, 27 April 2007 (UTC)

There are no XFF blocks; you can only flag ISPs as trusted, which causes the XFF client IP (first of the chain) to be reported as the user's IP, allowing for it to be blocked normally. Voice-of-All 17:57, 29 May 2007 (UTC)
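
The trusted-proxy resolution discussed in the threads above, as an added example that is not MediaWiki's code and not part of any comment on this page. It assumes the server walks the chain from the connecting address and believes a hop only while that hop is on the trusted list; the per-proxy range limit is the proposal from the first thread, modelled here as an optional setting, and every address is a constructed documentation-range value.

```python
import ipaddress

# Constructed sample data (documentation ranges, not real proxies).
# Each trusted proxy maps to the client range it may vouch for;
# None means any forwarded address is accepted from it.
TRUSTED_PROXIES = {
    "192.0.2.10": ipaddress.ip_network("198.51.100.0/24"),
    "192.0.2.11": None,
}


def effective_client_ip(remote_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return (ip, note): the address that edits and blocks are attributed to."""
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    if not hops:
        # A listed proxy that sends no header is treated as the user itself.
        return remote_addr, "no XFF header"
    current = remote_addr
    # Walk from the connecting peer towards the claimed origin. A hop's
    # claim about the address behind it is believed only if the hop is trusted.
    for claimed in reversed(hops):
        if current not in trusted:
            return current, "stopped at untrusted hop"
        try:
            addr = ipaddress.ip_address(claimed)
        except ValueError:
            return current, "malformed XFF entry ignored"
        allowed = trusted[current]
        if allowed is not None and addr not in allowed:
            # The proxy vouches for an address outside its customer range:
            # attribute the request to the proxy so it can be investigated.
            return current, "forwarded address outside proxy's range"
        current = str(addr)
    return current, "ok"
```

Entries that a client places in the header itself sit to the left of an untrusted hop, so they are never reached and cannot change the attributed address.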