Page MenuHomePhabricator

Unable to block large IPv4 /8 ranges
Open, MediumPublic

Description

On an external MW installation (ver 1.17.0), the parm re max range has been changed as follows:
$wgBlockCIDRLimit = array (

'IPv4' => 8,
'IPv6' => 19, # 2^109 = ~6.5x10^32 addresses

);

Applied one /8 hard block. Block log and block list are ok. However certain IP's from that range still succeed to register new accounts.

Because of bug 41778 the fields "ipb_range_start" and "ipb_range_end" have been checked. They are of the type "tinyblob".

So it might be that somewhere a routine cannot handle the diff between hi and lo of that range (i.e. 16777216) because a variable has been declared as a 16 bit integer or something like that.

Obviously would never be discovered on WMF wikis because max block range is /16


Version: 1.17.x
Severity: normal

Details

Reference
bz42303

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 12:48 AM
bzimport set Reference to bz42303.
bzimport added a subscriber: Unknown Object (MLST).
RonaldB created this task.Nov 20 2012, 9:51 PM

Have you checked if this problem still happens with a supported version of MediaWiki (if so, which version)?

RonaldB: Could you answer comment 1, please?

@Andre Klapper,

No. Is existing installation and I don't have control re that aspect myself.

But doubt whether this is version specific. As Wikipedia etc. is restricted to blocking /16 ranges at the largest, I fear that the blocking functionality for larger ranges (e.g. /8) has not been tested for ages.

The work-around is obviously breaking down large ranges into (quite a number) of smaller ones.

Btw: reason for interest to block large ranges is spam from countries (e.g. CN) that would never be interested to edit any page on that particular wiki.