Release status: stable
|Description||Handling of trusted proxy addresses (XFF)|
|License||Any OSI approved license|
Translate the TrustedXFF extension if it is available at translatewiki.net
|Check usage and version matrix; code metrics|
The TrustedXFF extension maintains a list of trusted hosts in a file in CDB format. For details, see meta:XFF project.
The file can be generated using the generate.php maintenance script.
Note: This extension requires that your web server software will have the DBA module of PHP enabled, which may not be allowed on some hosts - so it will be a good idea to check this before installing this extension.
Installation[edit | edit source]
Install PHP-DBA; on many Linux distributions this is available through a package manager (like apt-get or yum)
yum install php-dba
Ensure the files are in the correct location:
- You are in the base directory for your wiki
- ./LocalSettings.php is in that directory
- ./trusted-hosts.txt is in that directory
- ./maintenance/ is directly under it, as is a writeable ./cache/ directory
- ./extensions/TrustedXFF/ is one level further
These most likely need to be actual files, not merely symlinks pointing somewhere else, as the code uses __DIR__ and relative paths.
Insert in LocalSettings.php:
Remain in the base directory; run generate.php using:
php extensions/TrustedXFF/generate.php --conf LocalSettings.php
At this point, there should be an output file created at ./cache/trusted-xff.cdb
If this exists, and Special:Version reports the extension as installed, it should be good to go. If you have more than one wiki, be sure to copy the output file to the ./cache/ directory for each of your MediaWiki installations.
Limitations[edit | edit source]
- The extension will not whitelist large ranges, such as an /18 (or wider). The list will compile with warnings and the large range will be ignored. This is an issue for services like CloudFlare that occupy multiple, huge chunks of IPv4 space.
- The extension will not accept IPv6 ranges in trusted-hosts.txt. There are a few such ranges hard-coded into TrustedXFF.body.php, but adding more addresses requires editing the code directly.
See also[edit | edit source]
|This extension is being used on one or more Wikimedia projects. This probably means that the extension is stable and works well enough to be used by such high-traffic websites. Look for this extension's name in Wikimedia's CommonSettings.php and InitialiseSettings.php configuration files to see where it's installed. A full list of the extensions installed on a particular wiki can be seen on the wiki's Special:Version page.|