User:DWalden (WMF)/GlobalBlocking
Feature documentation
editGlobalBlocking allows administrators to block IP/IP ranges across all wikis.
Globally blocked IPs will not be allowed to perform certain actions on any wiki, such as editing and uploading files.
It adds the special pages:
- Special:GlobalBlock (block an IP or IP range)
- Special:GlobalUnblock (unblock an IP or IP range)
- Special:GlobalBlockList (lists all the IP/ranges currently globally blocked)
- Special:GlobalBlockWhitelist (disable a global block for an IP/range only on the current wiki)
It also has an API.
Usage doc: Extension:GlobalBlocking#Usage
Test documentation
editWhere to test it
editIt can be tested on beta if your user has administrator/sysop permissions.
How to install locally
editSee MediaWiki-Docker/Extension/GlobalBlocking.
Coverage criteria
editTypes of block:
- IP (IPv4 and IPv6)
- IP range (must be in "CIDR" notation, see Help:Range_blocks or Manual:IP_ranges)
Parameters when creating a block:
- "Globally block anonymous users only"
- "Also block the given IP address locally on this wiki" (creates a local database block)
- Expiry
- Reason (can include wikitext markup, templates, HTML(?), etc.)
Actions which are globally blocked (I don't think this is exhaustive):
- editing
- uploading
- moving pages
- deleting/undeleting pages
- Special:UserRights
- various extension actions
Other things:
- X-Forward-For
Oracles
editIf you are on an IP which is globally blocked, you will be prevented from performing several actions (some are noted above).
When attempting to perform blocked actions, you will instead be shown a message informing you of the block. The message should be accurate (i.e. have the correct information about who blocked you, for how long, etc.) and provide helpful information for users who want to go about being unblocked (e.g. it should say who to contact, which IP address is being blocked, through which mechanism the block was created, the ID of the block, etc. so admins know which block is being referred to).
You should be able to perform other actions as usual (such as reading an article and I believe creating an account).
Risks
edit- Reason is not correctly stored in the database or is parsed incorrectly when shown to the user
- Example bug showing a Reason being stored in the database incorrectly phab:T306431
Quality criteria
editTechniques
edit- Combination testing, see block combinations matrix.
Test data
editTest tools and scripts
editSimulate a different IP address locally (on docker)
editAdd this to LocalSettings.php
:
$wgCdnServersNoPurge = [ '172.0.0.1/8' ];
$wgUsePrivateIPs = true;
Install a browser extension which allows you to change your X-Forward-For header. For example, this one for Firefox or Chrome.
Follow the instructions provided by the addon to change your X-Forward-For header to the IP you want to simulate.
Then interact with the wiki as usual.
Add an IP address to your X-Forward-For header
editFollow the instructions about simulating a different IP address but do not add anything to your LocalSettings.php
(comment that part out if you have added it).
This should also work on beta and production.
Logs and debugging
editCurrent testing status
editTest strategy
editTesting done
editTODOs
editTesting which will not be done
editHow-to guides
edite.g. how to checkout a previous version of a patch.
Other documentation
edite.g. links to other documentation about the feature or project.