Extension:AbuseFilter/Access flags - MediaWiki

Extension:AbuseFilter/Access flags - MediaWiki
Jump to content
From mediawiki.org
Extension:AbuseFilter
Translate this page
Languages:
polski
中文
The AbuseFilter extension allows privileged users to set specific controls on the visibility of filters and their associated log entries.
These controls are known as
Access Flags
Access flags are primarily used to hide filters that contain sensitive patterns (to prevent gaming of the system) or sensitive data (such as Personally Identifiable Information).
Permissions reference
edit
There are three distinct flags that can restrict access to a filter.
It is important to note that these flags are
additive
If a filter has multiple flags enabled (e.g., it is both Private and Suppressed), a user must possess the specific permissions for
all
active flags to view the filter or its logs.
To
modify
a filter, a user generally requires the standard
abusefilter-modify
right, plus the permissions required to
view
a filter's details based on the flags below.
AbuseFilter access flags
Flag name
Description
How it is applied
User right to view filter details
User right to view logs
Public
(Default)
The filter is visible to everyone.
Default state when no other flags are checked.
abusefilter-view
abusefilter-log-detail
Private
(Hidden)
Hides the filter logic and comments to prevent bad actors from learning how to bypass the rule.
Checked via the "Private" (or "Hide details") checkbox in the filter editor.
abusefilter-view-private
abusefilter-log-private
Protected
Restricts access because the filter uses sensitive variables (e.g., checking IPs on a wiki where Temporary Accounts are active).
Automatically applied when the filter code contains "protected variables".
abusefilter-access-protected-vars
abusefilter-protected-vars-log
Suppressed
Restricts access to highly sensitive information (e.g., PII). Logs are treated as auto-suppressed.
Checked via the "Suppressed" checkbox in the filter editor.
Requires
suppressrevision
to set.
viewsuppressed
viewsuppressed
Flag behavior and usage
edit
Private (hidden) filters
edit
MediaWiki version:
1.19
Marking a filter as "Private" is intended for anti-vandalism rules where revealing the exact regex or logic would allow vandals to slightly alter their behaviour to avoid detection.
This restricts the visibility of filter details (such as rules) and log details to those with rights typically granted only to
sysop
(admins) when using the default configuration.
Protected filters
edit
MediaWiki version:
1.43
This flag is not manually set by the user, it is determined by the
variables
used in the code box.
If a filter uses variables that are deemed private (for example, variables that reveal an IP address on a wiki that uses Temporary Accounts), the filter automatically becomes
Protected
This restricts the visibility of filter details (such as rules) and logs to those with rights typically granted only to
sysop
(admins) when using the default configuration.
Suppressed filters
edit
MediaWiki version:
1.46
Marking a filter as "Suppressed" is intended to be used when filters have rules that include someone's Personally Identifiable Information (PII).
This commonly applies to filters designed to prevent doxxing, as they by necessity may need to contain PII to prevent this from being posted to a wiki.
Suppression can also be used when the abuse log entries generated by a filter would contain the PII which filter is intended to protect, even if the rules themselves do not necessarily contain PII themselves.
When suppressed, a filter's details can only be viewed by suppressors (those with the
viewsuppressed
user right), and all abuse log entries associated with the filter are effectively automatically suppressed and do not require intervention from a human suppressor.
Retrieved from "
Extension
AbuseFilter/Access flags
Add topic