https://bugzilla.wikimedia.org/show_bug.cgi?id=23343
Summary: Allow blocking open proxies based on X-Forwarded-For
header
Product: MediaWiki
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: Normal
Component: Blocking
AssignedTo: [email protected]
ReportedBy: [email protected]
Would it make sense if blocking an IP also blocked edits from open proxies that
have the blocked IP in their X-Forwarded-For header, independently of whether
the proxy is on the trusted XFF list?
Use case: Open proxies are currently not blocked on a pre-emptive basis at
dewiki. There is one banned user who uses random open proxies for attacks,
without caring about XFF. On 28/29 April 2010, for example, he used 12 open
proxies within 3 1/2 hours, 6 out of which were transparent. His real IP range
is known. If blocking that range applied to transparent proxies, we could
prevent that they are abused and wouldn't have to block them.
The X-Forwarded-For header may be forged, but I don't see how that could be a
problem in this scenario. Even if it might be possible to "escape" a range
block by forging the XFF header, the proxy would then be blocked as having been
abused.
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
