Closed Bug 600537 Opened 15 years ago Closed 15 years ago

Update DieSpammers MDC plugin to record correct IPs

Categories

(mozilla.org Graveyard :: Server Operations, task)

task
Not set
critical

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: sheppy, Assigned: oremj)

Details

Attachments

(1 file)

7.52 KB, application/x-zip-compressed
Currently, when MDC logs users' connections, it's recording the IP address of, I presume, the netscaler. It needs to be seeing the users' real IP addresses instead. This would let us ban users by IP properly. This is semi-urgent, as we are undergoing some spamming and need to block the attackers' IP addresses.
Zeus config says we're already sending this. (It's in Zeus, not Netscaler, currently). Is the app set up to look for it? The app needs to be told it's behind a proxy server probably so it knows to look for X-Forwarded-For headers.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
MindTouch says they're looking for "X-Forwarded-Host". Is that something we can configure?
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Can they just use the standard X-Forwarded-For?
X-Forwarded-Host is typically reserved for "The original host requested by the client in the Host HTTP request header." and we already send that in the Host header.
Turns out the real problem here is that the DieSpammers tool is looking at the wrong header when it records user IP addresses when they log in and whatnot. I'm going to work on updating it. Another issue is that MindTouch doesn't have any built-in IP recording, so you have to puzzle them out on your own; the DieSpammers plugin hacks in a recording of the IPs but there's no UI to see them.
Assignee: server-ops → eshepherd
Summary: MDC needs to see users' real IP addresses → Update DieSpammers MDC plugin to record correct IPs
Attached file Updated plugins
The attached is a new update I've done to the DieSpammers special page plugin and the store_ip_information plugin that goes with it. You don't need to run the ip.sql file as that table patch has already been applied. This needs to be deployed on the staging server for testing, as I don't have a Zeus environment at home to test on. Does the staging environment go through Zeus? If not, we need to come up with a way to test this with X-Forwarded-For being delivered. I know it works correctly when it's not. The store_ip_information change here adds code to look for X-Forwarded-For and store that instead of the remote_addr if it's available. The change to the DieSpammers special page is to simply show the IP addresses for users in the list so you can check to be sure they're not Zeus before clicking to ban them.
Assignee: eshepherd → jeremy.orem+bugs
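The header check described in the comment above (record X-Forwarded-For instead of remote_addr when it is present), as an added example in Python that is not the plugin's own code. It goes one step further than the comment: the header is honoured only when the connection comes from a known proxy, because any client can send its own X-Forwarded-For. The function names and the `TRUSTED_PROXIES` range are assumptions made for illustration.

```python
import ipaddress

# Assumption: addresses of the load balancers allowed to set X-Forwarded-For.
# Constructed sample range; replace with the real proxy addresses.
TRUSTED_PROXIES = [ipaddress.ip_network("10.2.0.0/24")]


def _parse_ip(text):
    """Return an ip_address object for text, or None if it is not a valid IP."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def _is_trusted(ip):
    """True when ip belongs to one of the configured proxy networks."""
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, x_forwarded_for=None):
    """Pick the address to record for a request.

    remote_addr is the TCP peer; x_forwarded_for is the raw header value.
    The header is read right to left, so entries a client placed on the
    left of the list cannot override what our own proxy appended.
    """
    peer = _parse_ip(remote_addr)
    if peer is None:
        raise ValueError("invalid remote_addr: %r" % (remote_addr,))
    if not x_forwarded_for or not _is_trusted(peer):
        # Direct connection, or a header sent by an untrusted peer: ignore it.
        return str(peer)
    candidate = peer
    for hop in reversed(x_forwarded_for.split(",")):
        ip = _parse_ip(hop)
        if ip is None:
            break  # malformed entry: keep the last address that parsed
        candidate = ip
        if not _is_trusted(ip):
            break  # first hop outside our proxies is the client
    return str(candidate)
```

When the header is malformed the function falls back to a proxy address, which is the case the updated DieSpammers list lets an admin spot before banning.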
I've pushed the new files.
Status: REOPENED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Hm, you pushed them to the live site; I'd asked for them to go to the staging server for testing. Fortunately, it looks like it works correctly. I'll advise if we find that not to be the case after I actually use it. But it's reporting non-Zeus IPs in the UI now, which is 99% of the battle, since it means it's recording the users' real IPs correctly in the database, and the actual banning code isn't changed.
Product: mozilla.org → mozilla.org Graveyard