Allowing whitelisting single IP addresses within a blocked IP range
Open, Low, Public, Feature

Description

Author: lucanos

Description:
I realise that IP Addresses can now be blocked using CIDR masks of
between 16 & 32, which is an improvement on single IP Addresses.

For my application, I am wanting to have a restricted number of
terminals that can access the Wiki.

My suggestions are two-fold:

  • Add Full CIDR Support, allowing blocking of any and all ranges of addresses.

  • Add An "Allow" Option, permitting overriding of the Blocks, and thereby providing a good tool for very restrictive access.

The idea here being that a large range of addresses can be blocked
(eg 172.136.0.0/16) but by processing the "Allow" list after
the "Block" list (and only if the accessing IP is within a Blocked
range), I could specify that 172.136.5.0/24 be allowed to access the
system.

NOTE: I am a newbie, and I have tried to find resources to allow this kind of functionality, but without success. If I need to "RTFM", feel free to tell me so.


Version: 1.5.x
Severity: enhancement

Details

Reference
bz3340

Event Timeline

bzimport raised the priority of this task from to Low. Nov 21 2014, 8:47 PM
bzimport set Reference to bz3340.
bzimport added a subscriber: Unknown Object (MLST).

Changing summary. Switching to feature request.

There is no such thing as allowing a block of IP addresses. Special:Blockip
just blocks stuff and that should usually be enough :)

MediaWiki is hardcoded to disallow blocking of blocks that are more than
a /16. You can still hack the code around to allow something bigger ;o)

lucanos wrote:

Thanks Ashar,

That's what I was looking for - why is MediaWiki hard-coded to limit the block
size to /16? Why not allow larger blocks than that?

robchur wrote:

(In reply to comment #2)

> Thanks Ashar,
>
> That's what I was looking for - why is MediaWiki hard-coded to limit the block
> size to /16? Why not allow larger blocks than that?

To stop sysops who don't understand how it works from blocking massive subnets
and causing serious problems.

michaeldaly wrote:

Could this be changed to allow any range for sysops who _do_ know what they're doing? Perhaps with a parameter in LocalSettings.php so the wiki admin can limit the damage or not (e.g. wgCIDRlimit = 16;)?

I have a lot of problems with spam via several companies within the Asia Pacific Network and see no reason why I shouldn't be able to block nnn.0.0.0/8 without having to enter 256 separate blocks of nnn.nnn.0.0/16. If I had one single valid user in these ranges, I'd deal with them separately.

Added $wgBlockCIDRLimit in r58377. Other request (exempting specific IPs from a range block) is not done, though.
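
The evaluation order proposed in the task description (allow list consulted only for addresses that fall inside a blocked range), combined with a configurable prefix limit of the kind requested in the comments, shown in Python as an added example. This is not MediaWiki code: `BLOCK_CIDR_LIMIT`, `parse_block` and `is_blocked` are hypothetical names, and the sample ranges are the ones quoted in the description.

```python
import ipaddress

# Hypothetical setting: the shortest prefix length (widest range) that may
# be blocked. 16 mirrors the hard-coded /16 limit discussed in the thread.
BLOCK_CIDR_LIMIT = 16


def parse_block(cidr, limit=BLOCK_CIDR_LIMIT):
    """Parse a range to block, rejecting ranges wider than the limit."""
    net = ipaddress.ip_network(cidr, strict=True)  # host bits must be zero
    if net.prefixlen < limit:
        raise ValueError(f"{cidr}: ranges wider than /{limit} may not be blocked")
    return net


def is_blocked(ip, blocks, allows):
    """Block list first; allow list only for addresses inside a blocked range."""
    addr = ipaddress.ip_address(ip)
    hits = [b for b in blocks if addr in b]
    if not hits:
        return False  # not in any blocked range: allow list is never consulted
    for a in allows:
        # An exemption counts only when it is nested inside a block that
        # matched, so a stray allow entry cannot grant wider access.
        if addr in a and any(a.subnet_of(b) for b in hits):
            return False
    return True


# Sample data taken from the task description.
BLOCKS = [parse_block("172.136.0.0/16")]
ALLOWS = [ipaddress.ip_network("172.136.5.0/24")]

if __name__ == "__main__":
    for ip in ("172.136.9.1", "172.136.5.20", "10.0.0.1"):
        print(ip, "blocked" if is_blocked(ip, BLOCKS, ALLOWS) else "allowed")
```
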

Krinkle renamed this task from Allowing subset of a blocked IP Ranges to Allowing whitelisting single IP addresses within a blocked IP range. Aug 14 2018, 8:53 PM
Krinkle moved this task from Backlog to User blocking on the MediaWiki-User-management board.
Krinkle removed a subscriber: wikibugs-l-list.
Aklapper changed the subtype of this task from "Task" to "Feature Request". Feb 4 2022, 11:02 AM