Please keep in mind that sometimes originating client IP in XFF header may be non-routable (10.* or 192.168.*)

On Thu, Jan 22, 2015 at 8:35 AM, Oliver Keyes <okeyes@wikimedia.org> wrote:
I don't grok that message, I'm afraid; there's a config list of "these
IPs are IPs we accept as trusted XFF providers": it's used in
CheckUser and similar tools to avoid ending up with everyone
geolocating to Virginia. I'm suggesting zero IP ranges that are
providing XFFs get added to that so that there's only one thing to
maintain and only one thing to check.

On 22 January 2015 at 09:39, Federico Leva (Nemo) <nemowiki@gmail.com> wrote:
> Oliver Keyes, 21/01/2015 02:17:
>>
>> I'd actually suggest just moving them to the site-wide config files we
>> use for all other recognised proxies.
>
>
> If they aren't Wikimedia projects specific, there is no reason for them to
> be in WMF configuration. To the contrary, there are ample precedents for
> such things to be managed on Meta-Wiki (spam blacklist, titleblacklist,
> interwiki map etc.) even for extensions bundled with core. On the other
> hand, it would clearly better to outsource the maintenance of such lists to
> a generic provider, as we did with TorBlock.
>
> Nemo
>
>
> _______________________________________________
> Analytics mailing list
> Analytics@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/analytics



--
Oliver Keyes
Research Analyst
Wikimedia Foundation

_______________________________________________
Analytics mailing list
Analytics@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/analytics