Page MenuHomePhabricator

ThrottleOverride should have a configuration option to blacklist ips
Open, MediumPublic

Description

Throttle override currently does not offer a way to blacklist a set of ip addresses from being used in an override rule. Wikimedia would need this, especially for private ranges. While it's reasonable to expect developers (who are needed for the current process of sending a patch to gerrit, deploying it in swat) to just notice private ranges when seeing them, we cannot expect stewards to know that they should not set a throttle exemption for 172.19.12.18 or fe80::3301:e425:27ad:370f.

We could hardcode the private addresses, but I'd rather use a configurable blacklist which will have less impact for external users of this extension and allows us to easily adopt this in case we want to block some ip address for a different reason in the future.

Event Timeline

EddieGP triaged this task as Medium priority.Apr 28 2018, 8:53 AM
EddieGP created this task.
Vvjjkkii renamed this task from ThrottleOverride should have a configuration option to blacklist ips to c1daaaaaaa.Jul 1 2018, 1:13 AM
Vvjjkkii raised the priority of this task from Medium to High.
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii removed subscribers: MarcoAurelio, Aklapper.
CommunityTechBot renamed this task from c1daaaaaaa to ThrottleOverride should have a configuration option to blacklist ips.Jul 2 2018, 3:00 PM
CommunityTechBot lowered the priority of this task from High to Medium.
CommunityTechBot updated the task description. (Show Details)