* Martijn Hoekstra <martijnhoekstra(a)gmail.com> [Thu, 3 Feb 2011 23:12:27
+0100]:
I'm glad this thread soon got to the point where
we realise the
problem is on the application layer level.
So what are exactly the implications for blocking and related issues
when we will start to see ISP level NATing?
Am I right to assume that we will start seeing requests from say a
global ISP NAT which may cover many clients, XFF 10.x.x.x?
If so, do we need to be able to send both the ISP NAT IP, and the XFF
IP to the servers, and amend the software so that we are able to block
on the combination (so we can block, for example IP 9.10.11.12 XFF
10.45.68.15?)
Will we be needing anon user- and user talk pages for a combination of
ISP NAT IP and XFF IP? when ISP level NAT's show up?
I already do something like that with IPv4 in my poll extension. I've
noticed how many people are posting from private addresses behind the
proxies with internet address, so I record both IP/XFF as anonymous user
name (however private IP XFF by default is not recorded, you have to
enable it with $wgUsePrivateIPs = true; XFF value becomes a subpage in
NS_USER user page.
Dmitriy