Last modified: 2013-07-11 15:23:04 UTC
Hi, requesting URLs like http://en.wikipedia.org/w/index.php?title=Cat&action=history&feed=rss is an easy way of DOS-attacking a small MediaWiki website. These requests are quite heavy (diff generation for N revisions, with fetching all those revisions from DB?), have no captcha (because RSS readers don't support that), and since legitimate users almost never use them, they result in a cache miss. Please make a configuration option to disable this "feature". $wgFeed is not good enough: RSS is quite useful for Recentchanges/Newpages, we don't want to disable those.
Hm, I was going to recommend setting $wgFeedLimit to a lower value ([[mw:Manual:$wgFeedLimit]]), but apparently the implementation for HistoryAction is broken and enforces a minimal maximum of 10 diffs. I'll submit a patch to fix that.
Change 72372 had a related patch set uploaded by Matmarex: Correctly use $wgFeedLimit in page history feed https://gerrit.wikimedia.org/r/72372
Change 72372 merged by jenkins-bot: Correctly use $wgFeedLimit in page history feed https://gerrit.wikimedia.org/r/72372
This is now fixed in master. You can now set $wgFeedLimit = 1; to make history feed generation no more expensive than viewing a regular diff.