Is it possible to spoof the user IP address during action=edit? It sounds like an unsavory question, but let me explain. Let's say an anonymous user edits a page in my application, which, in turn, uses a MediaWiki API client to make the necessary token/edit requests. The resulting user is not the IP address of the anonymous user, rather it's the IP address of the API client. As a result, every anonymous user that uses my application is truly, irrevocably anonymous. This is why I wonder if it's possible to send an arbitrary user IP address along with the edit request.
Jim
IIRC, Mediawiki should pickup, and correctly apply the IP of the original user if you pass it along via XFF (X-Forwarded-For) headers.
On Thu, Feb 23, 2012 at 3:08 PM, Jim Safley jimsafley@gmail.com wrote:
Is it possible to spoof the user IP address during action=edit? It sounds like an unsavory question, but let me explain. Let's say an anonymous user edits a page in my application, which, in turn, uses a MediaWiki API client to make the necessary token/edit requests. The resulting user is not the IP address of the anonymous user, rather it's the IP address of the API client. As a result, every anonymous user that uses my application is truly, irrevocably anonymous. This is why I wonder if it's possible to send an arbitrary user IP address along with the edit request.
Jim
Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
On 23/02/12 21:08, Jim Safley wrote:
Is it possible to spoof the user IP address during action=edit? It sounds like an unsavory question, but let me explain. Let's say an anonymous user edits a page in my application, which, in turn, uses a MediaWiki API client to make the necessary token/edit requests. The resulting user is not the IP address of the anonymous user, rather it's the IP address of the API client. As a result, every anonymous user that uses my application is truly, irrevocably anonymous. This is why I wonder if it's possible to send an arbitrary user IP address along with the edit request.
Jim
Provide a X-Forwarded-For header with the original IP (append yourself to it if already present). Add your application IP to $wgSquidServersNoPurge, so its X-Forwarded-For is honored.
mediawiki-api@lists.wikimedia.org