Page MenuHomePhabricator
Create Task
Maniphest T42439

Allow global allowlisting for global blocks
Open, LowestPublicFeature
Actions

Description

When we rangeblock webhosts, some people have bots or other legitimate on their own dedicated subnets. When a legitimate user requests an exemption for their bot, as occured with the IPv6 rangeblock of OVH, we should not have to replace a single block with many (2^16+2^15...2^7=2^17-2^7). It would be very nice if we could do something like "Steward X exempted 2001:db8:2:/48 from the rangeblock 2001:db8::/32 (until June 2013)".

This would also go well with local rangeblocking.

See also:

Version: unspecified
Severity: enhancement

Details

Reference
bz40439
SubjectRepoBranchLines +/-
[refactor] Rename GlobalBlocking::getWhitelistInfo to getLocalWhitelistInfomediawiki/extensions/GlobalBlockingmaster+8 -8
Customize query in gerrit

Related Objects

Event Timeline

bzimport raised the priority of this task from to Lowest.Nov 22 2014, 1:05 AM
bzimport added a project: GlobalBlocking.
bzimport set Reference to bz40439.
bzimport added a subscriber: Unknown Object (MLST).
Jasper created this task.Sep 22 2012, 5:51 AM
Nemo_bis added a comment.Sep 22 2012, 8:10 PM

I think you're asking two separate things:

  1. a global whitelist for global block, in addition to local whitelists;
  2. the possibility to whitelist IP ranges.

Both seem of extremely low priority, anyway I suggest to split the bug.

Jasper added a comment.Sep 22 2012, 9:41 PM

Not quite. I'm only asking for the ability to whitelist certain ranges/individual addresses, which I don't really think are separate.

MZMcBride added a comment.Sep 22 2012, 9:44 PM

(In reply to comment #0)

When we rangeblock webhosts, some people have bots or other legitimate on their
own dedicated subnets. When a legitimate user requests an exemption for their
bot, as occured with the IPv6 rangeblock of OVH, we should not have to replace
a single block with many (2^16+2^15...2^7=2^17-2^7). It would be very nice if
we could do something like "Steward X exempted 2001:db8:2:/48 from the
rangeblock 2001:db8::/32 (until June 2013)".

This would also go well with local rangeblocking.

I'm going to assume this bug is just about global blocks. Updating the bug summary accordingly (from "Allow exceptions to rangeblocks" to "Allow exceptions to global IP rangeblocks").

Nemo_bis added a comment.Sep 22 2012, 9:49 PM

(In reply to comment #2)

Not quite. I'm only asking for the ability to whitelist certain
ranges/individual addresses, which I don't really think are separate.

Whitelisting is already possible, but only locally of course. I've not checked about whitelisting IP ranges, but I assume you did?

Jasper added a comment.Sep 22 2012, 9:50 PM

Local IP range whitelisting works, I've seen it in use on itwiki.

Nemo_bis added a comment.Sep 22 2012, 9:54 PM

Ok, so only the global part is missing.

werdna unsubscribed.Dec 10 2014, 6:17 PM
Aldnonymous subscribed.Feb 22 2015, 12:38 AM
Legoktm added a project: Stewards-and-global-tools.Oct 27 2015, 4:58 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 27 2015, 4:58 PM
Luke081515 merged a task: T120564: Allow single IPs to be whitelisted out of a globally blocked range.Dec 7 2015, 11:25 AM
Luke081515 added subscribers: Jalexander, Teles, M7 and 6 others.
Vituzzu awarded a token.Dec 7 2015, 11:40 AM
Glaisher mentioned this in T121098: Allow to locally whitelist subsets of globally blocked IP ranges.Dec 10 2015, 12:55 PM
Glaisher mentioned this in T108021: Allow to globally whitelist specific smaller IP addresses/ranges.Dec 10 2015, 12:57 PM
Glaisher merged a task: T108021: Allow to globally whitelist specific smaller IP addresses/ranges.
Glaisher added subscribers: Shanmugamp7, Glaisher.
NahidSultan subscribed.Apr 14 2016, 4:02 PM
Restricted Application added a subscriber: JEumerus. · View Herald TranscriptApr 14 2016, 4:02 PM
Bodhisattwa subscribed.Apr 14 2016, 4:07 PM
MarcoAurelio removed a subscriber: wikibugs-l-list.Apr 18 2016, 9:18 AM
Ato_01 subscribed.May 28 2016, 7:03 AM
MarcoAurelio removed a parent task: T43492: [DO NOT USE] Steward, global sysop and SWMT tasks bugs (tracking) [superseded by #Stewards-and-global-tools].Jan 11 2017, 11:39 PM
Matanya moved this task from Untriaged to Medium priority on the Stewards-and-global-tools board.Apr 19 2017, 8:22 PM
Bugreporter merged a task: T229187: Create specific IP exemptions for global blocks.Jul 28 2019, 11:38 PM
Bugreporter added a subscriber: kolbert.
Jony subscribed.Jul 29 2019, 2:24 AM
Platonides awarded a token.Nov 16 2019, 10:44 PM
Platonides subscribed.
gerritbot added a comment.Feb 28 2021, 5:12 PM

Change 667412 had a related patch set uploaded (by Urbanecm; owner: Urbanecm):
[mediawiki/extensions/GlobalBlocking@master] [refactor] Rename GlobalBlocking::getWhitelistInfo to getLocalWhitelistInfo

https://gerrit.wikimedia.org/r/667412

gerritbot added a project: Patch-For-Review.Feb 28 2021, 5:12 PM
Zabe subscribed.Dec 5 2021, 6:21 PM
gerritbot added a comment.Dec 5 2021, 6:31 PM

Change 667412 merged by jenkins-bot:

[mediawiki/extensions/GlobalBlocking@master] [refactor] Rename GlobalBlocking::getWhitelistInfo to getLocalWhitelistInfo

https://gerrit.wikimedia.org/r/667412

ReleaseTaggerBot added a project: MW-1.38-notes (1.38.0-wmf.12; 2021-12-06).Dec 5 2021, 7:00 PM
Maintenance_bot removed a project: Patch-For-Review.Dec 5 2021, 7:10 PM
Aklapper changed the subtype of this task from "Task" to "Feature Request".Feb 4 2022, 11:14 AM
Tks4Fish added a project: User-Tks4Fish.Feb 5 2022, 5:27 PM
Tks4Fish moved this task from Up next to Looking at on the User-Tks4Fish board.
Stang subscribed.Apr 7 2022, 5:56 PM
MarioGom subscribed.Apr 21 2022, 10:01 PM
Vermont subscribed.Apr 22 2022, 12:25 AM
GeneralNotability subscribed.Apr 23 2022, 3:26 AM
MarioGom added a comment.Apr 23 2022, 10:04 AM

As a workaround, you can use BlockAround to calculate the required blocks to block a range except one IP.

Sj added subscribers: Enterprisey, Sj.Apr 26 2022, 4:46 PM

Please raise the priority of this :)

@Enterprisey's tools are wonderful but the real solution here is clear, and will save the time of everyone already using BlockAround [as well as those would-be editors who simply don't get unblocked b/c this is hard!].

Aklapper added a comment.Apr 26 2022, 5:29 PM

@Sj: Priority reflects the cruel reality. Please see https://www.mediawiki.org/wiki/Bug_management/Development_prioritization - thanks!

Stang mentioned this in T308702: Update IP addresses for Wiki Education Dashboard exemptions to rate-limiting and global block.May 25 2022, 3:07 PM
MarcoAurelio mentioned this in T335176: Request to add IP to Trusted XFF list.Apr 24 2023, 2:22 PM
MarcoAurelio subscribed.Apr 24 2023, 2:25 PM

Being able to exempt individual IPs or subranges for a given local or global rangeblock would be very helpful and has become an increasingly needed feature for the last 2 or 3 years at least.

Xaosflux subscribed.Apr 26 2023, 5:25 PM
Reedy renamed this task from Allow global whitelisting for global blocks to Allow global allowlisting for global blocks.Apr 27 2023, 2:01 PM
Reedy removed a subscriber: MZMcBride.
Johannnes89 subscribed.Aug 10 2023, 3:39 PM
Bugreporter updated the task description. (Show Details)Sep 4 2023, 2:43 PM
kostajh subscribed.Feb 2 2024, 8:07 AM
gymate awarded a token.Feb 7 2024, 7:50 PM
gymate subscribed.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits