From MediaWiki.org
Jump to navigation Jump to search

Other languages:
Deutsch • ‎English • ‎español • ‎polski • ‎sicilianu • ‎日本語
MediaWiki extensions manualManual:Extensions
Crystal Clear action run.svg

Release status:Extension status stable

DescriptionTemplate:Extension#description Handling of trusted proxy addresses (XFF)
Author(s)Template:Extension#username Tim Starlingtalk
LicenseTemplate:Extension#license Any OSI approved license
ExampleTemplate:Extension#example mediawiki.org
Hooks usedTemplate:Extension#hook

Translate the TrustedXFF extension if it is available at translatewiki.net

Check usage and version matrix.


Open tasks · Report a bug

The TrustedXFF extension maintains a list of trusted hosts in a file in CDB format. For details, see meta:XFF project.

The file can be generated using the generate.php maintenance script.


Ensure the files are in the correct location:

  • You are in the base directory for your wiki
  • ./LocalSettings.php is in that directory
  • ./trusted-hosts.txt is in that directory
  • ./maintenance/ is directly under it, as is a writeable ./cache/ directory
  • ./extensions/TrustedXFF/ is one level further

These most likely need to be actual files, not merely symlinks pointing somewhere else, as the code uses __DIR__ and relative paths.

Insert in LocalSettings.phpManual:LocalSettings.php:


Remain in the base directory; run generate.php using:

php extensions/TrustedXFF/generate.php --conf LocalSettings.php

At this point, there should be an output file created at ./cache/trusted-xff.cdb

If this exists, and Special:Version reports the extension as installed, it should be good to go. If you have more than one wiki, be sure to copy the output file to the ./cache/ directory for each of your MediaWiki installations.


  • The extension will not whitelist large ranges, such as an /18 (or wider). The list will compile with warnings and the large range will be ignored. This is an issue for services like CloudFlare that occupy multiple, huge chunks of IPv4 space.
  • The extension will not accept IPv6Manual:IPv6 support ranges in trusted-hosts.txt. There are a few such ranges hard-coded into TrustedXFF.body.php, but adding more addresses requires editing the code directly.

See also[edit]