http: Add $wgLocalHTTPProxy to set a proxy for local requests

Currently, requests to domains listed in $wgLocalVirtualHosts bypass
use of the standard $wgHTTPProxy. With WMF's migration to Kubernetes, we
limit outgoing traffic in a much stricter manner, so even internal
requests will need to go over a proxy (e.g. Envoy).

If the domain passes MWHttpRequest::isLocalURL(), then $wgLocalHTTPProxy
will be used if set, otherwise no proxy will be used (current behavior).

Bug: T288848
Change-Id: Ifd0cbab02fa8f14a82ca34ebc7ad95b2be174434
Kunal Mehta 2021-08-19 09:07:50 -07:00 committed by Krinkle
parent 4818a2e2ad
commit 5312ac5497
3 changed files with 25 additions and 9 deletions


@ -9682,7 +9682,7 @@ $wgHTTPProxy = '';
*
* This affects the following:
* - MWHttpRequest: If a request is to be made to a domain listed here, or any
* subdomain thereof, then no proxy will be used.
* subdomain thereof, then $wgLocalHTTPProxy will be used.
* Command-line scripts are not affected by this setting and will always use
* the proxy if it is configured.
*
@ -9690,6 +9690,16 @@ $wgHTTPProxy = '';
*/
$wgLocalVirtualHosts = [];
/**
* Proxy to use to requests to domains in $wgLocalVirtualHosts
*
* If set to false, no proxy will be used for local requests
*
* @var string|bool
* @since 1.37
*/
$wgLocalHTTPProxy = false;
/**
* Whether to respect/honour the request ID provided by the incoming request
* via the `X-Request-Id` header. Set to `true` if the entity sitting in front
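Review bot: The new docblock declares `$wgLocalHTTPProxy` as `@var string|bool`, but `true` is not a meaningful value: the `(string)` cast in this commit's proxySetup() change would turn it into the proxy string `'1'`. Declaring `@var string|false` here, and guarding the assignment there with `$this->proxy = is_string( $wgLocalHTTPProxy ) ? $wgLocalHTTPProxy : '';`, would keep a mistyped setting from silently producing an unusable proxy for internal requests. The summary line would read better as `Proxy to use for requests to domains in $wgLocalVirtualHosts`. The `$wgLocalVirtualHosts` text above still says command-line scripts "will always use the proxy", so it would help to say which proxy that is now that there are two.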


@ -70,7 +70,7 @@ class HttpRequestFactory {
* not be used in production code.
* - postData An array of key-value pairs or a url-encoded form data
* - proxy The proxy to use.
* Otherwise it will use $wgHTTPProxy (if set)
* Otherwise it will use $wgHTTPProxy or $wgLocalHTTPProxy (if set)
* Otherwise it will use the environment variable "http_proxy" (if set)
* - noProxy Don't use any proxy at all. Takes precedence over proxy value(s).
* - sslVerifyHost Verify hostname against certificate


@ -224,17 +224,23 @@ abstract class MWHttpRequest implements LoggerAwareInterface {
* @return void
*/
protected function proxySetup() {
// If there is an explicit proxy set and proxies are not disabled, then use it
if ( $this->proxy && !$this->noProxy ) {
global $wgHTTPProxy, $wgLocalHTTPProxy;
// If proxies are disabled, clear any other proxy
if ( $this->noProxy ) {
$this->proxy = '';
return;
}
// Otherwise, fallback to $wgHTTPProxy if this is not a machine
// local URL and proxies are not disabled
if ( self::isLocalURL( $this->url ) || $this->noProxy ) {
$this->proxy = '';
// If there is an explicit proxy already set, use it
if ( $this->proxy ) {
return;
}
// Otherwise, fallback to $wgLocalHTTPProxy for local URLs
// or $wgHTTPProxy for everything else
if ( self::isLocalURL( $this->url ) ) {
$this->proxy = (string)$wgLocalHTTPProxy;
} else {
global $wgHTTPProxy;
$this->proxy = (string)$wgHTTPProxy;
}
}
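Review bot: The choice between `$wgLocalHTTPProxy` and `$wgHTTPProxy` in the final `if`/`else` is made once from `$this->url`, so if the request later follows a redirect to a host on the other side of `isLocalURL()`, it would presumably still go through the proxy picked here; redirect handling is outside this hunk, so that needs confirming. Where egress is restricted per proxy this is worth recording next to the branch, e.g. `// NOTE: the proxy is chosen from the initial URL only; confirm how redirects are routed`. None of the three changed files shown is a test, and the new local-URL branch would benefit from one asserting the proxy chosen for a `$wgLocalVirtualHosts` host with `$wgLocalHTTPProxy` both set and left at `false`. The docblock of proxySetup() starts above the hunk.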