Last modified: 2012-08-03 13:53:35 UTC
I realise that IP Addresses can now be blocked using CIDR masks of
between 16 & 32, which is an improvement on single IP Addresses.
For my application, I am wanting to have a restricted number of
terminals that can access the Wiki.
My suggestions are two-fold:
- Add Full CIDR Support, allowing blocking of any and all ranges of
- Add An "Allow" Option, permitting overidding of the Blocks, and
thereby providing a good tool for very restrictive access.
The idea here being that a large range of addresses can be blocked
(eg 22.214.171.124/16) but by processing the "Allow" list after
the "Block" list (and only if the accessing IP is within a Blocked
range), I could specify that 126.96.36.199/24 be allowed to access the
NOTE: I am a newbie, and I have tried to find resources to allow
this kind of functionality, but without success. If I need
to "RTFM", feel free to tell me so.
Changing summary. Switching to feature request.
There is no such thing as allowing a block of IP addresses. Special:Blockip
just block stuff and that should usually be enough :)
MediaWiki is hardcoded to disallow blocking of block that are more than
a /16 . You can still hack the code around to allow something bigger ;o)
That's what I was looking for - why is MediaWiki hard-coded to limit the block
size to /16 ? Why not allow larger blocks that that?
(In reply to comment #2)
> Thanks Ashar,
> That's what I was looking for - why is MediaWiki hard-coded to limit the block
> size to /16 ? Why not allow larger blocks that that?
To stop sysops who don't understand how it works from blocking massive subnets
and causing serious problems.
Could this be changed to allow any range for sysops who _do_ know what they're doing? Perhaps with a parameter in LocalSettings.php so the wiki admin can limit the damage or not (e.g. wgCIDRlimit = 16;)?
I have a lot of problems with spam via several companies within the Asia Pacific Network and see no reason why I shouldn't be able to block nnn.0.0.0/8 without having to enter 256 separate blocks of nnn.nnn.0.0/16. If I had one single valid user in these ranges, I'd deal with them separately.
Added $wgBlockCIDRLimit in r58377. Other request (exempting specific IPs from a range block) is not done, though.