Extension:TrustedXFF

From mediawiki.org
MediaWiki extensions manual
OOjs UI icon advanced-invert.svg
TrustedXFF
Release status: stable
Description Handling of trusted proxy addresses (XFF)
Author(s) Tim Starlingtalk
Latest version 2.0.0
MediaWiki >= 1.39.0
License GNU General Public License 2.0 or later
Download
Example mediawiki.org
Translate the TrustedXFF extension if it is available at translatewiki.net
Issues Open tasks · Report a bug

The TrustedXFF extension maintains a list of trusted hosts in a file in a PHP array format. For details, see meta:XFF project.

The file can be generated using the generate.php maintenance script.

Installation[edit]

  • Download and place the file(s) in a directory called TrustedXFF in your extensions/ folder.
  • Add the following code at the bottom of your LocalSettings.php :
    wfLoadExtension( 'TrustedXFF' );
    
  • Yes Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

To users running MediaWiki 1.28 or earlier:

The instructions above describe the new way of installing this extension using wfLoadExtension(). If you need to install this extension on these earlier versions (MediaWiki 1.28 and earlier), instead of wfLoadExtension( 'TrustedXFF' );, you need to use:

require_once "$IP/extensions/TrustedXFF/TrustedXFF.php";


Limitations[edit]

  • Useless where X-Forwarded-For is unavailable. As of 2019, many wikis force HTTPS for all things. Any manipulation with headers on a proxy compromises HTTPs server authentication unless the proxy possesses an SSL certificate authoritative for the wiki in question. It makes the extension far less useful nowadays than it was originally envisaged.


See also[edit]