* Martijn Hoekstra martijnhoekstra@gmail.com [Thu, 3 Feb 2011 23:12:27 +0100]:
I'm glad this thread soon got to the point where we realise the problem is on the application layer level.
So what are exactly the implications for blocking and related issues when we will start to see ISP level NATing? Am I right to assume that we will start seeing requests from say a global ISP NAT which may cover many clients, XFF 10.x.x.x?
If so, do we need to be able to send both the ISP NAT IP, and the XFF IP to the servers, and amend the software so that we are able to block on the combination (so we can block, for example IP 9.10.11.12 XFF 10.45.68.15?)
Will we be needing anon user- and user talk pages for a combination of ISP NAT IP and XFF IP? when ISP level NAT's show up?
I already do something like that with IPv4 in my poll extension. I've noticed how many people are posting from private addresses behind the proxies with internet address, so I record both IP/XFF as anonymous user name (however private IP XFF by default is not recorded, you have to enable it with $wgUsePrivateIPs = true; XFF value becomes a subpage in NS_USER user page. Dmitriy