On 16/09/2009, at 4:48 PM, Aryeh Gregor wrote:
On Wed, Sep 16, 2009 at 11:29 AM, Anthony wikimail@inbox.org wrote:
The only one I can think of that I know of directly would be the IP spoofing one where the attacker pretended to be a proxy and sent a false "IP forwarded" or whatever.
That shouldn't work if MediaWiki is configured with a correct list of trusted proxies.
We were checking $_SERVER['X_FORWARDED_FOR'], which reads the X- Forwarded-For header. Unfortunately, it could be overridden by sending an X_Forwarded_For header.
We resolved it by using the apache-specific header retrieval functions instead of PHP's broken internal implementation.
-- Andrew Garrett agarrett@wikimedia.org http://werdn.us/