Last modified: 2014-01-28 16:25:06 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T59467, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 57467 - Invalid IP given in XFF 'unknown, 10.64.0.126' during favicon.php requests
Invalid IP given in XFF 'unknown, 10.64.0.126' during favicon.php requests
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
General/Unknown (Other open bugs)
unspecified
All All
: High major (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-23 01:04 UTC by Sam Reed (reedy)
Modified: 2014-01-28 16:25 UTC (History)
7 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Sam Reed (reedy) 2013-11-23 01:04:04 UTC 
2013-11-23 01:02:07 mw1037 enwiki: [889271a1] /favicon.ico   Exception from line 1183 of /usr/local/apache/common-local/php-1.23wmf4/includes/WebRequest.php: Invalid IP given in XFF 'unknown, 10.64.0.126'.
#0 /usr/local/apache/common-local/php-1.23wmf4/includes/ProxyTools.php(59): WebRequest->getIP()
#1 /usr/local/apache/common-local/wmf-config/throttle.php(65): wfGetIP()
#2 [internal function]: efRaiseAccountCreationThrottle()
#3 /usr/local/apache/common-local/php-1.23wmf4/includes/Setup.php(592): call_user_func('efRaiseAccountC...')
#4 /usr/local/apache/common-local/php-1.23wmf4/includes/WebStart.php(153): require_once('/usr/local/apac...')
#5 /usr/local/apache/common-local/w/favicon.php(5): require('/usr/local/apac...')
#6 {main}
Comment 1 Marcin Cieślak 2013-11-23 01:09:50 UTC 
(1) we trust a header too much
(2) a bug in the IP canon code, maybe
Comment 2 MZMcBride 2013-12-30 02:15:42 UTC 
(In reply to comment #0)

Are you sure this is a MediaWiki bug? Given the involvement of favicon.php and throttle.php, this seems like a Wikimedia bug. Though maybe you think the issue is somewhere in MediaWiki core's includes/?
Comment 3 Sam Reed (reedy) 2013-12-30 16:18:01 UTC 
(In reply to comment #2)
> (In reply to comment #0)
> 
> Are you sure this is a MediaWiki bug? Given the involvement of favicon.php
> and
> throttle.php, this seems like a Wikimedia bug. Though maybe you think the
> issue
> is somewhere in MediaWiki core's includes/?

The quoted string of 'unknown, 10.64.0.126' looks like the results of bad parsing. But it could easily be a bad header like Marcin said.

According to squid.php, 10.64.0.126 or cp1004 is an API caching server.. Slightly confused why that is serving favicon requests, but whatever.
Comment 4 Gerrit Notification Bot 2014-01-27 20:03:03 UTC 
Change 109721 had a related patch set uploaded by Umherirrender:
Ignore 'unknown' in XFF

https://gerrit.wikimedia.org/r/109721
Comment 5 Gerrit Notification Bot 2014-01-28 00:44:11 UTC 
Change 109721 merged by jenkins-bot:
Ignore 'unknown' in XFF

https://gerrit.wikimedia.org/r/109721
Comment 6 Umherirrender 2014-01-28 16:25:06 UTC 
successfully merged
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links