[10:59:50] <gilles>	 https://dev.to/riknelix/fast-and-efficient-recompression-using-previous-compression-artifacts-47g5
[12:55:30] * andre__ passes two beers to ema
[12:55:47] <ema>	 hello :)
[12:55:53] <andre__>	 heja!
[12:56:14] <andre__>	 not sure I can really help with this (lacking technical understanding), but worth a try I guess
[12:56:48] <andre__>	 grep'ing an upstream git checkout of Phab does not give me any matches for X-Forwarded-For or X-Client-IP
[12:58:38] <andre__>	 ema: I dumped all I know into https://phabricator.wikimedia.org/T237637#6385498
[12:59:16] <ema>	 andre__: so the issue is that phab logs do show the correct IP for IPv4, but not for IPv6?
[13:00:26] <Reedy>	 https://secure.phabricator.com/T10375 "Support X-Forwarded-For in Access Log"
[13:00:30] <Reedy>	 "resolved lolno"
[13:02:32] <andre__>	 ema: Checking it again, it seems that all and any IP addresses (both IPv4 and IPv6) are the one very same IP now (I think that I'm still on IPv4 but I just logged out and in again and I also get that very common IP)
[13:02:39] <andre__>	 so seems that it's completely broken by now
[13:02:45] <andre__>	 ema: Can you access https://phabricator.wikimedia.org/people/logs/ ?
[13:03:21] <ema>	 andre__: I can and indeed I see the same IP for every entry
[13:03:29] <andre__>	 yepp. That's my problem :P
[13:03:42] <ema>	 the problem is now clear :)
[13:04:03] <Reedy>	 8.0.0.0.6.1.0.0.4.6.0.0.0.1.0.0.2.0.1.0.1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa	name = phab1001.eqiad.wmnet.
[13:05:25] <ema>	 X-Client-IP is the request header that phab should use for this
[13:06:05] <andre__>	 (sounds like some upstream changes needed?)
[13:06:17] <Reedy>	 https://secure.phabricator.com/book/phabricator/article/configuring_preamble/
[13:06:22] <Reedy>	 >Adjusting Client IPs
[13:06:25] <Reedy>	 >If your install is behind a load balancer, Phabricator may incorrectly detect all requests as originating from the load balancer, rather than from the correct client IPs.
[13:06:45] <andre__>	 ffff* why haven't I found that one yet, thanks
[13:07:15] <Reedy>	 Might be worth double checking what our preamble is
[13:07:41] <Reedy>	 Presumably if it changed at some point, it coincides with either a phab upgrade or something else infront of phab being updated
[13:08:15] <Reedy>	 Or maybe we're all actually existing in a simulation running on phab1001
[13:10:00] <ema>	 I feel that Reedy is gonna get those beers at the end of the day
[13:10:20] <andre__>	 I might have to split them into halfs :-/
[13:10:47] <andre__>	 but that's already all damn helpful, thanks. Now just need to find that our damn preamble in some repo
[13:11:09] <ema>	 I haven't eaten yet, will be back and read the scrollback after lunch!
[13:11:57] <Reedy>	     $preamble = "${phabricator::confdir}/preamble.php"
[13:12:04] <Reedy>	         content => template('phabricator/preamble.php.erb'),
[13:12:13] <Reedy>	 https://github.com/wikimedia/puppet/blob/8841bafe66c888a24f83b226558ba1a3801985e5/modules/phabricator/templates/preamble.php.erb
[13:12:56] <Reedy>	 Also, mukunda just replied on the task
[13:13:05] <andre__>	 twentyafterfour ^
[13:15:46] <Reedy>	 andre__: Also, for your grepping.. You'd probably need to s/-/_/
[13:15:59] <andre__>	 ah, good point
[13:16:20] <Reedy>	 at least for the PHP code using it rather than the comments you picked up
[14:20:00] <ema>	 Reedy, andre__: so, at least on paper, the fix would boild down to setting $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_CLIENT_IP'] in preamble.php.erb?
[14:20:12] <ema>	 s/boild/boil/
[14:20:33] <Reedy>	 I dunno on the specifics, but it wouldn't surprise me if it's something like that
[14:20:37] <Reedy>	 Probably needs a bit more guarding
[14:20:51] <Reedy>	 mukunda's comment makes it sound like apache used to do this, but seemingly stopped
[14:21:59] <twentyafterfour>	 prior to the apache module we had custom code in PHP via a file installed by puppet called preamble.php
[14:22:25] <twentyafterfour>	 last I remember we didn't need the preamble code anymore 
[14:23:08] <ema>	 preamble.php is installed by a puppet module (phabricator::redirector) that says:
[14:23:11] <ema>	 # Setup the preamble.php and redirect_config.json to redirect bugzilla
[14:23:12] <twentyafterfour>	 /srv/phab/phabricator/support/preamble.php 
[14:23:14] <ema>	 # (and eventually RT) urls to phabricator
[14:23:53] <ema>	 so perhaps this used to do redirection at some point, and then the functionality moved elsewhere?
[14:24:17] <twentyafterfour>	 ema: preamble redirect stuff is still used Afaik 
[14:24:41] <twentyafterfour>	 it redirects old bugzilla urls to phab tasks
[14:25:03] <ema>	 ack, well if it's still there than it should be very easy to check if setting $_SERVER['REMOTE_ADDR'] there fixes the IP logging issue
[14:25:53] <twentyafterfour>	 preamble handles HTTP_X_FORWARDED_PROTO  and it used to handle x-forwarded-for headers but it was removed and replaced with some apache module that translated the remote address automatically 
[14:26:17] <twentyafterfour>	 I have to run, not supposed to be working today ;)
[14:26:44] <ema>	 twentyafterfour: enjoy :)
[16:37:39] <andre__>	 and for folks who like traffic issues, see https://phabricator.wikimedia.org/T260440 which is gaining duplicates :)
[16:38:21] <cdanis>	 thanks andre__, known for a while now and a misconfiguration on their side, FWIW, but we should make a tracking task
[16:39:14] <andre__>	 not sure what the term "tracking task" means if we already have a ticket, but if there's any public info to share or give back to communities it could be nice to add it to that ticket
[16:42:05] <cdanis>	 that is a private security issue with a user IP address in it :)
[16:44:07] <andre__>	 ah, so you meant public. I see :)
[16:50:19] <wikibugs>	 10Traffic, 10netops, 10Operations: Users of Jio ISP (India, AS 55836) unable to reach Wikimedia sites - https://phabricator.wikimedia.org/T260449 (10CDanis)
[16:50:32] <wikibugs>	 10Traffic, 10netops, 10Operations: Users of Jio ISP (India, AS 55836) unable to reach Wikimedia sites - https://phabricator.wikimedia.org/T260449 (10CDanis)
[16:51:37] <wikibugs>	 10Traffic, 10netops, 10Operations: Users of Jio ISP (India, AS 55836) unable to reach Wikimedia sites - https://phabricator.wikimedia.org/T260449 (10CDanis) For posterity, relevant workaround patch and deployment thereof: https://gerrit.wikimedia.org/r/c/operations/homer/public/+/620377 https://sal.toolforge...
[16:52:10] <wikibugs>	 10Traffic, 10netops, 10Operations: Users of Jio ISP (India, AS 55836) unable to reach Wikimedia sites - https://phabricator.wikimedia.org/T260449 (10CDanis)
[17:00:33] <andre__>	 thanks
[17:01:10] <cdanis>	 also, should be fixed for now
[17:02:08] <wikibugs>	 10Traffic, 10netops, 10Operations: Users of Jio ISP (India, AS 55836) unable to reach Wikimedia sites - https://phabricator.wikimedia.org/T260449 (10CDanis)
[17:02:29] <wikibugs>	 10Traffic, 10netops, 10Operations: Users of Jio ISP (India, AS 55836) unable to reach Wikimedia sites - https://phabricator.wikimedia.org/T260449 (10CDanis) 05Open→03Resolved a:03CDanis There's still an issue on Jio's side that needs to be fixed by them, but, we've put a temporary workaround in place,...