On 16/09/2009, at 4:48 PM, Aryeh Gregor wrote:
> On Wed, Sep 16, 2009 at 11:29 AM, Anthony <wikimail(a)inbox.org> wrote:
>> The only one I can think of that I know of directly would be the IP
>> spoofing one where the attacker pretended to be a proxy and sent a
>> false "IP forwarded" or whatever.
>
> That shouldn't work if MediaWiki is configured with a correct list of
> trusted proxies.

We were checking $_SERVER['X_FORWARDED_FOR'], which reads the
X-Forwarded-For header. Unfortunately, it could be overridden by sending
an X_Forwarded_For header.

We resolved it by using the Apache-specific header retrieval functions
instead of PHP's broken internal implementation.
--
Andrew Garrett
agarrett(a)wikimedia.org
http://werdn.us/
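The collision Andrew describes, as an added example that is not part of the thread and not MediaWiki's own code. It models the request with plain functions so it runs under php-cli (7.1 or later) without a web server. Everything in it is an assumption for illustration: a hypothetical trusted reverse proxy at 10.0.0.5, the classic CGI-style mapping of a header name to a $_SERVER key (upper-case, every non-alphanumeric character becomes '_') written out as a small helper, and constructed sample requests rather than captured traffic. The hardened function goes slightly beyond the thread by also walking a multi-hop X-Forwarded-For chain from the right, which is what a correct trusted-proxy list is for.

```php
<?php
// Added example, not code from the thread or from MediaWiki.
// Assumptions (hypothetical): one trusted reverse proxy at 10.0.0.5, and the
// CGI-style mapping of a header name to a $_SERVER key (upper-case,
// non-alphanumerics to '_'), which is what makes "X-Forwarded-For" and
// "X_Forwarded_For" land in the same HTTP_X_FORWARDED_FOR slot.

const TRUSTED_PROXIES = ['10.0.0.5'];

/** Lossy CGI-style key: both spellings of the header map to HTTP_X_FORWARDED_FOR. */
function cgiKey(string $headerName): string
{
    return 'HTTP_' . strtoupper(preg_replace('/[^A-Za-z0-9]/', '_', $headerName));
}

/** The $_SERVER view the application would see for a set of raw headers.
 *  $rawHeaders is a list of [name, value] pairs in wire order; a later header
 *  whose name collides overwrites the earlier one (assumed ordering). */
function buildServer(string $remoteAddr, array $rawHeaders): array
{
    $server = ['REMOTE_ADDR' => $remoteAddr];
    foreach ($rawHeaders as [$name, $value]) {
        $server[cgiKey($name)] = $value;
    }
    return $server;
}

/** Vulnerable pattern: trusts the lossy slot, from any peer. */
function clientIpVulnerable(array $server): string
{
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        $chain = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
        return $chain[0];
    }
    return $server['REMOTE_ADDR'];
}

/** Hardened pattern: match the exact wire name (as apache_request_headers()
 *  exposes it), honour it only when the TCP peer is a trusted proxy, and walk
 *  the chain from the right until the first address that is not our proxy. */
function clientIpHardened(string $remoteAddr, array $rawHeaders): string
{
    if (!in_array($remoteAddr, TRUSTED_PROXIES, true)) {
        return $remoteAddr; // direct connection: forwarded headers are attacker-controlled
    }
    $xff = null;
    foreach ($rawHeaders as [$name, $value]) {
        if (strcasecmp($name, 'X-Forwarded-For') === 0) { // "X_Forwarded_For" does not match
            $xff = $value;
        }
    }
    if ($xff === null) {
        return $remoteAddr;
    }
    $chain = array_map('trim', explode(',', $xff));
    $chain[] = $remoteAddr;
    for ($i = count($chain) - 1; $i >= 0; $i--) {
        if (!in_array($chain[$i], TRUSTED_PROXIES, true)) {
            return $chain[$i];
        }
    }
    return $chain[0]; // every hop was a trusted proxy; fall back to the leftmost entry
}

// Constructed requests (sample data, not captured traffic).
$cases = [
    // Attacker connects directly and claims to be behind a proxy.
    'direct, spoofed header' => ['198.51.100.7', [['X-Forwarded-For', '1.2.3.4']]],
    // Attacker goes through the trusted proxy, which sets X-Forwarded-For but
    // passes the unknown X_Forwarded_For header through untouched.
    'via proxy, underscore variant' => ['10.0.0.5', [
        ['X-Forwarded-For', '198.51.100.7'],
        ['X_Forwarded_For', '1.2.3.4'],
    ]],
    // Legitimate client behind the trusted proxy.
    'via proxy, clean' => ['10.0.0.5', [['X-Forwarded-For', '203.0.113.9']]],
];

foreach ($cases as $label => [$remote, $headers]) {
    printf("%-30s vulnerable=%-14s hardened=%s\n", $label,
        clientIpVulnerable(buildServer($remote, $headers)),
        clientIpHardened($remote, $headers));
}
```

In the first two cases the vulnerable reader reports the attacker-chosen address, once because it never checks who the TCP peer is and once because the underscore spelling overwrote the proxy's value in the shared $_SERVER slot; the hardened reader returns the real peer address in both. Two checks matter in practice: read the header by its exact name from a source that preserves it, and never consult the header at all unless REMOTE_ADDR is a proxy you operate.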