Blog Posts

Wikipedia behind mod_proxy

by Christian Stocker,
21.01.2005 00:28 CEST - Comments [7]

The wikipedia software runs only on PHP 4 (due to bad class naming in PHPTAL), but I wanted to let the accompanying wiki to this blog to run under the same domain as the blog itself: mod_proxy to the rescue. The following lines in httpd.conf got things quite smoothly started (and you know now, how the reach the wiki with circumventing the proxy, but so what ;)):

ProxyRequests Off
ProxyPass /wiki/ http://blog4p.bitflux.ch/wiki/
ProxyPassReverse /wiki/ http://blog4p.bitflux.ch/wiki/

Until I got a complaint, that the wiki can't be edited anymore. This happened after I blocked a wiki-spammer by username (they are worse than comment spammers...), but since wikipedia also remembers the IP of the offending spammer (which - "thanks" to proxying - was the one of the blogserver), everyone else was also blocked... Not surprisingly, wikipedia took precautions for this scenario, just add the following to LocalSettings.php and wikipedia honors the X-Forwarded-For header added by mod_proxy:

$wgUseSquid = true;

I don't know, if it tries some proprietary squid stuff with just this setting (there are more Squid options available in LocalSettings.php), but it seems to work. Please report, if you still encounter problems.

About the author

Christian Stocker
Find more about him on Twitter, Facebook, Google+, LinkedIn, Xing and his personal site.

Comments [7]

Alan Knowles, 21.01.2005 02:49 CEST

come on, run phpinfo() on the server, you will see something like $_SERVER['X-FORWARDED-IP'] (cant remember the exact value) set to the original value.

It would be nice if PHP swapped the REMOTE_HOST var for you, if you told it that you where behind a proxy :
php_value behind_proxy = 192.168.0.1

messing around with X-FORWARDED stuff just seems messy to me.

chregu, 21.01.2005 10:50 CEST

Alain, you're of course right. This would also work.
But setting wgUseSquid does some more magic in Wikipedia. For example, it takes all IP adresses in x-forwarded into account (there could be more than one proxy in between). There are other line of code, which use this variable, but I didn't look very deep into it.

Robbert Broersma, 21.01.2005 13:44 CEST

I've got MediaWiki running on PHP 5.03, and even on PHP 5.1-dev. To get the last running I had to adjust one line of code, and this patch has recently been accepted in the MediaWiki Bugzilla. So I don't really see the problem?

By the way: I did turn of the errors to get rid of all those hundreds of E_STRICT errors, e.a. - but it works great.

chregu, 21.01.2005 13:49 CEST

Robbert: Last time I tried with mediawiki and php5 was a few months... Maybe I should try again ;)

Jacques, 21.01.2005 19:11 CEST

You tend to need to look at the last value of the $_SERVER['HTTP_X_FORWARDED_FOR'] if you are running behind squid or using the apache reverse proxy stuff.

Bernhard Seefeld, 22.01.2005 15:19 CEST

Have a look at mod_rpaf at
http://stderr.net/apache/rpaf/

It transparently changes REMOTE_HOST for all apache modules, and thus PHP4, if the request comes from a specified proxy.

It was designed exactly for your use case.

Richard Barrett, 11.05.2006 12:34 CEST

The mod_extract_forwarded Apache module also provides a consistent and secure way of taking account of Forwarded-For header. See:

http://www.openinfo.co.uk/apache/index.html

Add a comment

Your email adress will never be published. Comment spam will be deleted!