Last modified: 2012-08-03 13:53:35 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T5340, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 3340 - Allowing subset of a blocked IP Ranges
Status: NEW
Product: MediaWiki
Classification: Unclassified
Component: Special pages
Importance: Low enhancement with 2 votes
Assigned To: Nobody - You can work on this!
Reported: 2005-09-03 04:28 UTC by Luke Stevenson
Modified: 2012-08-03 13:53 UTC (History)


Description Luke Stevenson 2005-09-03 04:28:58 UTC
I realise that IP Addresses can now be blocked using CIDR masks of 
between 16 & 32, which is an improvement on single IP Addresses.

For my application, I am wanting to have a restricted number of 
terminals that can access the Wiki.

My suggestions are two-fold:
- Add Full CIDR Support, allowing blocking of any and all ranges of 
- Add An "Allow" Option, permitting overriding of the Blocks, and 
thereby providing a good tool for very restrictive access.

The idea here being that a large range of addresses can be blocked 
(eg but by processing the "Allow" list after 
the "Block" list (and only if the accessing IP is within a Blocked 
range), I could specify that be allowed to access the 

NOTE: I am a newbie, and I have tried to find resources to allow 
this kind of functionality, but without success. If I need 
to "RTFM", feel free to tell me so.
Comment 1 Antoine "hashar" Musso (WMF) 2005-09-18 11:16:28 UTC
Changing summary. Switching to feature request.

There is no such thing as allowing a block of IP addresses. Special:Blockip
just blocks stuff and that should usually be enough :)

MediaWiki is hardcoded to disallow blocking of blocks that are more than
a /16. You can still hack the code around to allow something bigger ;o)

Comment 2 Luke Stevenson 2005-09-18 11:25:42 UTC
Thanks Ashar,

That's what I was looking for - why is MediaWiki hard-coded to limit the block 
size to /16? Why not allow larger blocks than that?
Comment 3 Rob Church 2006-04-04 09:37:15 UTC
(In reply to comment #2)
> Thanks Ashar,
> That's what I was looking for - why is MediaWiki hard-coded to limit the block 
> size to /16? Why not allow larger blocks than that?

To stop sysops who don't understand how it works from blocking massive subnets
and causing serious problems.
Comment 4 Michael Daly 2007-06-22 17:19:08 UTC
Could this be changed to allow any range for sysops who _do_ know what they're doing?  Perhaps with a parameter in LocalSettings.php so the wiki admin can limit the damage or not (e.g. wgCIDRlimit = 16;)?

I have a lot of problems with spam via several companies within the Asia Pacific Network and see no reason why I shouldn't be able to block nnn.0.0.0/8 without having to enter 256 separate blocks of nnn.nnn.0.0/16.  If I had one single valid user in these ranges, I'd deal with them separately.
Comment 5 Chad H. 2009-10-30 21:42:22 UTC
Added $wgBlockCIDRLimit in r58377. Other request (exempting specific IPs from a range block) is not done, though.
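
The evaluation order proposed in the description (the allow list is consulted only after an address matches a blocked range), combined with a configurable limit on block size as requested in comment 4, shown as an added example that is not part of the original bug report and is not MediaWiki code. The function names, the limit table and the sample ranges are constructed for illustration.

```python
import ipaddress

# Hypothetical policy table: shortest prefix (widest range) a block may use,
# keyed by IP version. Values are constructed; the /16 mirrors the thread.
MIN_BLOCK_PREFIX = {4: 16, 6: 19}


def validate_block(cidr, limits=MIN_BLOCK_PREFIX):
    """Parse a block range and reject ranges wider than the configured limit."""
    net = ipaddress.ip_network(cidr, strict=False)  # host bits are masked off
    limit = limits[net.version]
    if net.prefixlen < limit:
        raise ValueError(f"{net} is wider than the /{limit} limit")
    return net


def is_allowed(addr, blocks, allows):
    """Block list first; allow list is checked only for blocked addresses."""
    ip = ipaddress.ip_address(addr)
    hits = [b for b in blocks if ip in b]  # mixed v4/v6 membership is False
    if not hits:
        return True  # not in any blocked range, allow list never consulted
    # An exemption counts only if it is a subset of a range that blocked
    # this address, so an over-broad allow entry cannot cancel the block.
    return any(ip in a and any(a.subnet_of(b) for b in hits) for a in allows)


# Constructed sample policy: block a /16, exempt sixteen terminals inside it.
BLOCKS = [validate_block("10.20.0.0/16")]
ALLOWS = [ipaddress.ip_network("10.20.30.0/28")]

if __name__ == "__main__":
    for sample in ("10.20.30.5", "10.20.30.99", "192.0.2.1"):
        print(sample, "allowed" if is_allowed(sample, BLOCKS, ALLOWS) else "blocked")
    try:
        validate_block("10.0.0.0/8")
    except ValueError as err:
        print("rejected:", err)
    # Relaxing the limit, as comment 4 asks, lets a single /8 block through.
    print(validate_block("10.0.0.0/8", {4: 8, 6: 19}))
```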
