Extension:TrustedXFF
| TrustedXFF Release status: stable |
|||
|---|---|---|---|
| Description | Handling of trusted proxy addresses (XFF) | ||
| Author(s) | Tim Starlingtalk | ||
| License | Any OSI approved license | ||
| Download | |||
| Example | mediawiki.org | ||
|
|||
| Translate the TrustedXFF extension if it is available at translatewiki.net | |||
| Check usage and version matrix. | |||
| Issues | Open tasks · Report a bug | ||
The TrustedXFF extension maintains a list of trusted hosts in a file in CDB format. For details, see meta:XFF project.
The file can be generated using the generate.php maintenance script.
Installation[edit]
Ensure the files are in the correct location:
- You are in the base directory for your wiki
- ./LocalSettings.php is in that directory
- ./trusted-hosts.txt is in that directory
- ./maintenance/ is directly under it, as is a writeable ./cache/ directory
- ./extensions/TrustedXFF/ is one level further
These most likely need to be actual files, not merely symlinks pointing somewhere else, as the code uses __DIR__ and relative paths.
Insert in LocalSettings.php:
require_once('$IP/extensions/TrustedXFF/TrustedXFF.php');
Remain in the base directory; run generate.php using:
php extensions/TrustedXFF/generate.php --conf LocalSettings.php
At this point, there should be an output file created at ./cache/trusted-xff.cdb
If this exists, and Special:Version reports the extension as installed, it should be good to go. If you have more than one wiki, be sure to copy the output file to the ./cache/ directory for each of your MediaWiki installations.
Limitations[edit]
- The extension will not whitelist large ranges, such as an /18 (or wider). The list will compile with warnings and the large range will be ignored. This is an issue for services like CloudFlare that occupy multiple, huge chunks of IPv4 space.
- The extension will not accept IPv6 ranges in trusted-hosts.txt. There are a few such ranges hard-coded into TrustedXFF.body.php, but adding more addresses requires editing the code directly.
See also[edit]
- Extension:CheckUser
- Manual:$wgApplyIpBlocksToXff
- $wgGlobalBlockingBlockXFF
| This extension is being used on one or more Wikimedia projects. This probably means that the extension is stable and works well enough to be used by such high-traffic websites. Look for this extension's name in Wikimedia's CommonSettings.php and InitialiseSettings.php configuration files to see where it's installed. A full list of the extensions installed on a particular wiki can be seen on the wiki's Special:Version page. |