Last modified: 2012-08-03 13:53:35 UTC
I realise that IP Addresses can now be blocked using CIDR masks of between 16 & 32, which is an improvement on single IP Addresses. For my application, I am wanting to have a restricted number of terminals that can access the Wiki. My suggestions are two-fold: - Add Full CIDR Support, allowing blocking of any and all ranges of addresses. - Add An "Allow" Option, permitting overidding of the Blocks, and thereby providing a good tool for very restrictive access. The idea here being that a large range of addresses can be blocked (eg 172.136.0.0/16) but by processing the "Allow" list after the "Block" list (and only if the accessing IP is within a Blocked range), I could specify that 172.136.5.0/24 be allowed to access the system. NOTE: I am a newbie, and I have tried to find resources to allow this kind of functionality, but without success. If I need to "RTFM", feel free to tell me so.
Changing summary. Switching to feature request. There is no such thing as allowing a block of IP addresses. Special:Blockip just block stuff and that should usually be enough :) MediaWiki is hardcoded to disallow blocking of block that are more than a /16 . You can still hack the code around to allow something bigger ;o)
Thanks Ashar, That's what I was looking for - why is MediaWiki hard-coded to limit the block size to /16 ? Why not allow larger blocks that that?
(In reply to comment #2) > Thanks Ashar, > > That's what I was looking for - why is MediaWiki hard-coded to limit the block > size to /16 ? Why not allow larger blocks that that? To stop sysops who don't understand how it works from blocking massive subnets and causing serious problems.
Could this be changed to allow any range for sysops who _do_ know what they're doing? Perhaps with a parameter in LocalSettings.php so the wiki admin can limit the damage or not (e.g. wgCIDRlimit = 16;)? I have a lot of problems with spam via several companies within the Asia Pacific Network and see no reason why I shouldn't be able to block nnn.0.0.0/8 without having to enter 256 separate blocks of nnn.nnn.0.0/16. If I had one single valid user in these ranges, I'd deal with them separately.
Added $wgBlockCIDRLimit in r58377. Other request (exempting specific IPs from a range block) is not done, though.