Extension:IPReputation/AbuseFilter variables
 | Recommendations:
|
|
IPReputation AbuseFilter variables
AbuseFilter variables that allow matching against IP reputation data to take specific actions
Category:WMF Projects 2025q1Category:WMF Projects 2025q2Category:WMF Projects 2025q2
|
The IPReputation extension adds several AbuseFilter variables if that extension is installed. These variables allow AbuseFilters to filter actions based on the IP reputation data for the IP being used to perform the action. These variables are marked as protected variables, which limits their use to protected filters and hides them from public view. Using these variables can help avoid the use IP addresses and IP ranges in filter conditions.
Where can I use these variables
These variables are accessible for all actions performed by anonymous users and temporary accounts. Additionally, these can be accessed for account creation of permanent accounts if they are creating their account while logged out. Account creations performed by other users and autocreations of permanent accounts are not supported by these variables. Expansion to all actions performed by permanent accounts is dependent on T234155.
As mentioned above, these variables can only be used in protected AbuseFilters.
This means that only users with the abusefilter-access-protected-vars right can use these variables or see their value.
Additionally, accessing the value of these variables causes a log entry and the value of the variables will expire after 3 months.
What variables are available for use
The AbuseFilter variables that currently exist are listed below:
| Description | Name | Data type | Extended details |
|---|---|---|---|
| Whether the IP being used by the user is known by the IPoid service | ip_reputation_ipoid_known |
boolean | |
| Number of clients associated with IP being used by the user | ip_reputation_client_count |
integer | Values are described by client.count at docs.spur.us. |
| List of behaviors associated with the IP being used by the user | ip_reputation_client_behaviors |
array | Values are described by client.behaviors at docs.spur.us. |
| List of proxy services associated with IP being used by the user | ip_reputation_client_proxies |
array | Values are described by client.proxies at docs.spur.us. |
| List of risks associated with the IP being used by the user | ip_reputation_risk_types |
array | Values are described by risks at docs.spur.us. |
| List of tunnel operators associated with the IP being used by the user | ip_reputation_tunnel_operators |
array | Values are described by tunnels at docs.spur.us. |
All variables have the value of null if the action is being performed by a permanent user (except for account creation).
Additionally, except for ip_reputation_ipoid_known, the variables are null if ip_reputation_ipoid_known is is not true.
Recommendations for use
Research was carried out into the effectiveness of this data in predicting if a user is blocked or if an edit is reverted. This research suggested that using the variables can help to better predict that an edit will be reverted, but that the variables are less useful for determining if an account would be blocked.
While the above research suggests that these variables can better predict if an edit will be reverted, an action matching these variables does not necessarily mean that the action being performed is inherently bad-faith. This is because users may be using a shared internet connection or need to use proxies to access the site. Additionally, the data may be out of date for IPs that are highly dynamic and may be reassigned to a good faith user.
We recommend:
- Use IPReputation variables in combination with other variables.
- Do not configure AbuseFilters to outright block actions based solely on IPReputation variables, instead you should flag the action or warn the user before taking the action.
- Try using IPReputation variables before using IPs and IP ranges in filter conditions.
If you have additional recommendations for using these variables, please add them to this page.