Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Exclude unknown urls: Check whether known URL starts with path if one is defined, do no longer match subdomains #9358

Merged
merged 1 commit into from Dec 8, 2015

Conversation

@tsteur
Copy link
Member

tsteur commented Dec 7, 2015

This PR is related to this checkbox in the "Manage Websites" screen
image

In #588 we added this feature to only track a request when it was actually sent from that domain. The description says the following:

Only track visits and actions when the action URL starts with one of the above URLs.

However, it also allowed the tracking for any subdomain but it was not described in the UI. This PR fixes it to only perform an exact match (protocol http/https is still ignored). Also if any of these URLs specifies a path we do now check whether the path is present in the tracked URL (see #9320 where we already made similar changes).

tsteur added a commit that referenced this pull request Dec 8, 2015
Exclude unknown urls: Check whether known URL starts with path if one is defined, do no longer match subdomains
@tsteur tsteur merged commit 7eab19e into master Dec 8, 2015
0 of 2 checks passed
0 of 2 checks passed
continuous-integration/travis-ci/pr The Travis CI build failed
Details
continuous-integration/travis-ci/push The Travis CI build failed
Details
@tsteur tsteur deleted the exact_match_unknownurl branch Dec 8, 2015
@gaumondp

This comment has been minimized.

Copy link

gaumondp commented Dec 9, 2015

May I suggest writing a FAQ/Blog post about this ? I think more people should be made aware of this important feature and modification between 2.15 and 2.15.1.

FAQ: How do I make sure my Piwik installation add my own stats ? (Or how to prevent stats poisoning? Maybe too alarmist...)

"Since Piwik 2.15, when you add a new website or edit an old one in Administration=>Manage Websites, a checkbox under the URLs field as been added to limit which URL Piwik will accept as valid visits. When enabled, Piwik will only track internal actions when the Page URL is one of the known URLs for your website. This prevents people from spamming your analytics with URLs for other websites."

Frankly 2 years ago I was surprised it was not already there. :)

The new information from this ticket could also be added with examples to make it crystal clear for anyone. Something like :

With the checkbox enabled and these sites in the list you can expect this behavior :

URLs + checkbox enable :
http://www.example.com/
http://other.example.com

Results if one of those link to your Piwik server :
htttp://www.bad.com (Will not add any stats, that's what the checkbox is all about)
https://www.example.com (will be accounted for, Piwik don't take protocol https or http into account)
http://blah.example.com (from Piwik 2.15.1 and onward it will NOT be a valid URL for Piwik)

If my examples are bad then it means it's not clear right now! ;)

@tsteur

This comment has been minimized.

Copy link
Member Author

tsteur commented Dec 9, 2015

The examples are good. Now you could even do http://www.example.com/mywebsite and requests for http://www.example.com/otherwebsite would be ignored. There is already an FAQ article in http://piwik.org/faq/how-to/#faq_21077 but maybe we could add some more examples indeed and/or be more clear in the UI.

BTW: I'm not sure why I explained re subdomains but nowadays there are many services that let you for example create an account with an own subdomain or with a different path (eg ssl-account.com) that's why we let people restrict it very precisely if they want to restrict it.

@gaumondp

This comment has been minimized.

Copy link

gaumondp commented Dec 10, 2015

I don't want to sound alarming but since the restriction for sub-domain changed between 2.15.0 and 2.15.1.should it be called a breaking change or at least be underline in the release notes as a different behavior ?

You don't want complains about stats missing after upgrading from someone expecting other.example.com to work if he had just www.examples.com and it used to work in 2.15.0.

As often the case, it's not for me, but I presume 99% Piwik "normal" users don't peruse on Github daily. ;)

@tsteur

This comment has been minimized.

Copy link
Member Author

tsteur commented Dec 10, 2015

We could maybe add a label "Major" which will make it appear earlier in the changelog. It might be added to the release description but this is always done when releasing the new version manually

mattab added a commit that referenced this pull request Dec 18, 2015
@mattab

This comment has been minimized.

Copy link
Member

mattab commented Dec 18, 2015

@gaumondp thanks for suggestion, documented in the developer changelog @ 6910c97

@gaumondp

This comment has been minimized.

Copy link

gaumondp commented Dec 21, 2015

I just read the changelog. I don't want to be picky @mattab but my understanding was that the change is not in 2.15.0 but in future 2.15.1 and it's not only important for developers but for any Piwik Super User.

@mattab

This comment has been minimized.

Copy link
Member

mattab commented Dec 21, 2015

@gaumondp I created #9428 so that it will show up in the user changelog as well

@mattab mattab added the Major label Jan 29, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.