=====Problem
Blocks can be evaded by changing the IP address (intentionally or unwittingly) so IP range blocks are often used to stop block evasions. However, these can cause collate damage by preventing good-faith innocent bystanders from editing. If an additional piece of data was used in addition to IP range, it could result in more (or wider) IP range blocks being set with less collateral damage.
CheckUsers can currently see User Agent information in their work. While this can also be spoofed, it is a reliable piece of information we're already collecting.
-------
=====Proposed solution
Allow IP addresses, particularly IP ranges, to be blocked via user-agent in addition to the IP address/range. CheckUsers should be the only group to use this function.
-------
=====Considerations / Open questions
* Is this an addition to Special:Block or a new special page?
* What does the UI look like?
** Does this field only become available for IP addresses or IP range blocks?
** Will it require copy+paste, like such: F3067391 ?
** Is this hooked into CheckUser directly?
** Is it simply "also block by the last UA this IP address used."?
* Do we need any time of data validation on save to ensure an ineffective block is being set?
* What does the log entry look like? (It will likely need to be marked in a specific way so when edits within the range are published it does not appear as if blocking is completely broken.)