Author: rob
Description:
Apparently some proxies do add a HTTP X-Forwarded-For header to the request. If
the wikimedia software would support such headers for known proxy servers, this
would allow more selective blocking of vandals using proxies.
- It would allow other users using the same proxy to keep working even while a
vandal is being blocked.
- It would make it impossible for a vandal to use proxy hopping
Obviously we can not blindly trust this header in just any request, so my
proposal would be to have a sysop command that marks an IP as a known proxy. If
a request comes from such a marked proxy, the contributor would be taken from
the IP address in the X-Forwarded-For header instead, and this address would be
used for access control instead of the proxy address itself.
Version: unspecified
Severity: enhancement