[08:56:26] I wonder if it would be safe to check referrer on api.php calls
[08:57:22] my wiki often gets weird people doing 1200 automated "action=parse" and "list=allimages" requests per second
[09:02:34] Remilia: probably a user script of some sort? Maybe looking at the UA might give a hint?
[09:04:54] legoktm: they always fake the UA
[09:05:10] that sounds bad
[09:05:21] (my haproxy already blocks most stuff that does not respect robots.txt)
[09:05:34] weird
[09:05:42] Remilia: have you checked web server's logs for IPs? maybe this is a single guy
[09:05:53] Ostrzyciel: yes of course it is a single guy
[09:06:19] but I cannot in good faith put a blanket ban on a /18
[09:06:26] hmpf, right
[09:06:54] Remilia: for guys like these I use rate limiting in nginx on the api.php endpoint
[09:07:27] depends on your wiki, but nginx can quite effectively block abusive behaviour with burst control etc
[09:07:39] Ostrzyciel: I am actually very interested in *why* this person was not rate limited, maybe http/2 shenanigans
[09:07:47] ooh.
[09:07:58] I have "stick-table type ipv6 size 200k expire 60s store http_req_rate(1s)"
[09:08:27] ...I'm not an nginx expert, so I can't really help you with that :/
[09:08:31] with "http-request deny deny_status 429 if { sc_http_req_rate(0) gt 200 } ..." so
[09:08:41] no nginx here w
[09:08:47] oh, right, sorry
[09:09:07] I wonder if this was all bunched into a single http/2 pipeline
[09:09:44] but my question is like, can I just 403 api.php requests without a matching referer?
[09:11:45] if AJAX stuff uses proper referrers, I could just block these at haproxy level and they would never trash Varnish cache or hit PHP-FPM
[10:10:30] nginx can rate limit requests by origin IP easily
[10:11:16] However I often see lots of malicious concurrent requests from big IP ranges, for example those coming from amazon aws or alicloud
[10:12:26] At least I managed to block most sql injection attempts from varnish
[13:16:05] hi there, I'm having some issues with the API in my wiki. All of a sudden I'm getting the error code `writeapidenied` while trying to call some action modules.
[13:16:51] I don't see any useful error on the logs. any tips where could I look to figure this out?
[13:26:05] From what I understand writeapi rights are true by default for all users, correct?
[13:27:24] But adding this right explicitly to sysops on my configs fixed it, which is weird because this wasn't needed a while back.
[13:35:11] "All of a sudden" usually means someone touched something in the configuration, or enabled an extension :)
[13:36:50] yes, in my case in point it means 'I can't remember doing anything that might have caused that' :P
[13:37:26] But it seems that it might have something to do with the removal of wgEnableApi and wgEnableWriteApi from 1.34
[14:16:25] Hello, I am trying to set up VisualEditor & Parsoid on my MediaWiki. I have downloaded VisualEditor onto my server but I am having trouble installing it and getting it working. Tried unzipping it onto my server and changing the LocalSettings.php as suggested on the MediaWiki page [https://www.mediawiki.org/wiki/Extension:VisualEditor]. All that
[14:16:26] happens is that the whole Wiki does not load anymore so I am definitely doing something wrong.
[14:24:48] !blankpage
[14:24:48] A blank page or HTTP 500 error usually indicates a fatal PHP error. For information on debugging (including viewing errors), see .
[14:31:51] Yes, it gives me an "HTTP ERROR 500". Once I remove the VisualEditor action code from LocalSettings.php it returns to normal and works fine again. It's just that it clearly won't have VisualEditor. I am not even 100% sure I am installing it correctly as I have to download the zip file, upload it to my server, then unzip it there (I chose to unzip to
[14:31:51] the "wiki" folder). The MediaWiki documentation seems to mention a lot of sudo installation commands but my server service does not seem to offer a terminal to input sudo commands. I'm really quite lost here
[14:37:30] Unless you can find the actual error you're getting, it's a bit hard for anyone to really help you, unfortunately
[14:42:05] Anyone able to help with an install/uninstall question?
[14:42:25] I suppose what I am really asking is "how do I install and set up Parsoid & VisualEditor?" The documentation on MediaWiki does not seem very helpful as I can't find any terminal on my server to input sudo commands (it's a Linux host).
[14:43:42] Trying to reinstall mediawiki on my host, but get "An installation already exists at **MY DOMAIN** as per our records. To re-install the application please uninstall the existing installation!" I've completely deleted the relevant directories where it was previously installed, as well as the mysql databases, yet I keep getting the warning and
[14:43:42] can't reinstall.
[14:46:09] Discott: What provider is it? Not all providers provide the access, so those are mostly unsupported AIUI
[14:46:48] Guest51: that doesn't sound like a MediaWiki error message
[14:47:26] I'm presuming your provider provides some sort of managed install... So they need to remove it from their records I guess
[14:48:47] Sighs, figured as much...
[14:49:03] You'd hope if they offered an install button, they had an uninstall/remove button...
[14:49:48] Yeah, I was hoping for an uninstall button, but, sadly, it doesn't appear I'm that lucky.
[14:51:12] Oh, looks like the uninstall option was buried.
[14:51:18] Let's see if I can get this going.
[14:53:14] Reedy: my provider is 1-grid.com. I doubt they provide very much in the way of access, I tried calling them and they largely had no idea what I was talking about.
[15:04:32] what was that page to view all callers of a function?
[15:04:47] Woot...Fixed. Cheers.
[15:16:19] ProcReader: What do you mean?
[15:32:35] Reedy: like a "search for usages" of a function across extensions. e.g. if you're updating a method signature in the core, so you know what else has to be updated
[15:34:15] ProcReader: https://codesearch.wmflabs.org?
[15:34:47] ah, yeah, thanks!
[17:06:40] what does this error mean 'Wikimedia/Rdbms/DBUnexpectedError with message 'Database selection is disallowed to enable reuse.'?
[17:07:18] I'm issuing the command $dbw->tablePrefix( $prefixedId );
[17:11:16] That error message is horrible :)
[17:11:54] You'll need to set tablePrefix when creating the connection, I guess
[17:12:50] Imagine if you set it on a database handle you got somewhere, and then that database handle tries to run other queries...
[17:12:56] * Reedy filed https://phabricator.wikimedia.org/T256287 for the wording
[17:13:21] Vulpix: Do you happen to know if this has changed in REL1.34? Cuz this code was working fine on 1.31.
[17:13:51] Vulpix: oof, that would create a lot of trouble, indeed.
[17:13:54] I don't know, but most probably it has been changed (and actually, "fixed")
[17:15:26] Reedy: thx for addressing that
[17:23:13] https://github.com/wikimedia/mediawiki/commit/6ab57b9c2424d9cc01b29908658b273a6ce75489
[17:23:25] It looks like the same thing that introduced the messages probably broke it in 1.33 for your use case
[17:31:01] Uhm, yes that looks precise.
[17:31:45] And how one would go about connecting to the db already providing the prefix as Vulpix suggested? wfGetDB( DB_MASTER, ...)
[17:33:39] * Reedy digs further
[17:34:09] https://github.com/wikimedia/mediawiki/commit/74068ce880e245f84844bd78d49214994202441a
[17:34:13] >Make wfGetDB() return a MaintainableDBConnRef instance
[17:34:17] that'll be your issue
[17:34:30] absor70: basically, you probably need to get a DB object from somewhere else...
[17:35:25] Depending on where/when you're running that code..
[17:35:28] MediaWikiServices::getInstance()->getDBLoadBalancer()->getConnection( DB_MASTER )
[17:36:49] I see, so this introduces a big change.
[17:37:33] absor70: Do you need to use tablePrefix because all your extensions use a common prefix? Or is it because you need to read from a different wiki database instance?
[17:38:04] Because I need to read from a different wiki db
[17:40:04] I don't have the answer by myself, but MediaWiki already reads from a different wiki's database, for example, when using $wgForeignFileRepos via the ForeignDBRepo class
[17:40:13] https://www.mediawiki.org/wiki/Manual:$wgForeignFileRepos#ForeignDBRepo_class
[17:40:55] Maybe digging into what this class does can give you an answer about what would be the correct way to go about that
[17:41:06] $lbFactory = MediaWikiServices::getInstance()->getDBLoadBalancerFactory();
[17:41:06] $lb = $lbFactory->getMainLB( $wiki );
[17:41:06] $db = $lb->getConnection( DB_MASTER, [], $wiki );
[17:41:10] Should be able to do something like that...
[17:41:35] nice, that might come in handy. thx for the pointers, Vulpix and Reedy, I think with those infos I can try moving ahead again
[17:45:41] You shouldn't need to change too much, in most cases
[17:51:32] Yes, in all cases I expected that to be much simpler :P
[17:52:20] I'm just trying to improve on some old code that is doing a literal query, which obviously can be very insecure
[18:08:23] addshore: what's the replacement for WMDE-TCB (e.g. maintainer of TwoColConflict) – https://phabricator.wikimedia.org/project/profile/1277/
[18:10:47] awight: ^
[19:12:57] ryanb_: Hi
[21:53:15] Hi!
[22:13:13] Krinkle: the qwerty team
[22:26:06] addshore: thx, i've updated the description