User:FT2/AFM


 * Filter writers manual for AbuseFilter

Sources:
 * Abuse filter
 * Wikipedia talk:Abuse filter
 * Abuse filter/Instructions
 * mw:Extension:AbuseFilter/RulesFormat
 * Abusefilter
 * https://bugzilla.wikimedia.org/show_bug.cgi?id=15684 - introduction on bugzilla
 * Template:Abuse filter warning/doc - warning template info
 * Abuse filter/Sample2 - sample code
 * Abuse filter/Performance - evaluation and auditing

This page documents how AbuseFilter filters are written, the functions and expressions available, tips and tricks, and optimization and debugging.


 * Note: The AbuseFilter extension is under ongoing development; this page may sometimes need bringing up to date by technically skilled and experienced users.


 * Updates to AbuseFilter coding should be noted on /updates.

AbuseFilter
The AbuseFilter extension ("AF") is a powerful tool for anti-abuse purposes. It allows any user with access to specify a complex rule that will be tested on every edit; if the criteria for that rule are met, actions ranging from a log note to a warning and (potentially) removal of user rights or blocking are undertaken automatically. In particular, AbuseFilter can intercept an edit before it is posted to the wiki, either warning about it or preventing it, asking users to check carefully or to be aware of some issue, or alerting them to the fact that anti-abuse action may be taken.

Care is needed since "false positives" and excessive server load are both major considerations. Knowledge of regular expressions is useful in many cases, though by no means all.

Quick reference guide
 * (!: item; item; item...)
 * X ? Y : Z (if X then Y else Z)
 * rcount, ip_in_range, substr, strpos, str_replace

 * rcount(needle,haystack)
 * rmwhitespace(text)
 * ip_in_range(ip, range)
 * contains_any(haystack,needle1,needle2,needle3)
 * substr(subject, offset, length)
 * strpos(haystack, needle)
 * str_replace(subject, search, replace)
 * set_var(var,value)

 * contains
 * article_namespace
 * article_prefixedtext
 * rmwhitespace
 * X in user_groups
 * contains_any(TEXT,ITEM1, ITEM2, ITEM3, ...)
 * edit_delta
 * old_wikitext
 * added_lines
 * removed_lines
 * old_size

 * accountname: This variable is used only during account creation and contains the username of the newly created account
 * movedfrom-id: Paraphrase: The page ID of the page to be moved
 * movedfrom-ns: Paraphrase: Namespace of the page that is to be moved
 * movedfrom-text: Paraphrase: Name of the page that is to be moved
 * movedfrom-prefixedtext: Paraphrase: Full name of the page that is to be moved
 * movedto-id: Paraphrased: Page ID of the destination of the page that is to be moved
 * movedto-ns: Paraphrased: Namespace of the destination of the page that is to be moved
 * movedto-text: Paraphrased: Name of the destination of the page that is to be moved
 * movedto-prefixedtext: Paraphrased: Full name of the destination of the page that is to be moved
 * restrictions-edit: This variable contains the level of protection required to edit the page. ("Edit" here is not a verb, but an adjective, like "Edit-related protection level")
 * restrictions-move: This variable contains the level of protection required to move the page. ("Move" here is not a verb, but an adjective, like "Move-related protection level")

 * history: "Change history" is the "history of changes"
 * history-enabled: (empty)
 * history-timestamp: Used in history page of a filter.
 * history-user: (empty)
 * history-comments: (empty)
 * history-deleted: (empty)
 * history-select-user: (empty)
 * exception-expectednotfound: Error message from the abuse filter parser.

Group by (for throttling): (For example, using 'ip,page', X filter matches in Y seconds from the same IP address to the same page will be required to trip the remainder of the actions.)
 * ip: IP address.
 * user: User account.
 * range: /16 range.
 * creationdate: Creation date, server time.
 * editcount: Edit count (hack so that you can detect distinct users).
 * site: The whole site.
 * page: Page
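The grouping rule above can be modelled in a few lines of Python. This is an added example, not code from the AbuseFilter extension: the `Throttle` class, `run` helper and event fields are hypothetical, and it assumes a sliding window in which the actions trip on the Xth match that shares a group key (IPv4 only for the /16 range).

```python
import ipaddress
from collections import defaultdict, deque

# Group names come from the list above; how each value is derived is an assumption.
EXTRACTORS = {
    "ip": lambda e: e["ip"],
    "user": lambda e: e["user"],
    # /16 range of an IPv4 address, e.g. 198.51.100.1 -> 198.51.0.0/16
    "range": lambda e: str(ipaddress.ip_network(e["ip"] + "/16", strict=False)),
    "creationdate": lambda e: e["creationdate"],
    "editcount": lambda e: e["editcount"],
    "site": lambda e: "site",
    "page": lambda e: e["page"],
}

class Throttle:
    """Trip once `count` filter matches share a group key within `period` seconds."""
    def __init__(self, groups, count, period):
        self.groups = [g.strip() for g in groups.split(",")]
        unknown = [g for g in self.groups if g not in EXTRACTORS]
        if unknown:
            raise ValueError(f"unknown throttle group(s): {unknown}")
        self.count, self.period = count, period
        self.hits = defaultdict(deque)  # group key -> timestamps of recent matches

    def match(self, event):
        key = tuple(EXTRACTORS[g](event) for g in self.groups)
        recent = self.hits[key]
        while recent and event["ts"] - recent[0] >= self.period:
            recent.popleft()  # forget matches older than the window
        recent.append(event["ts"])
        return len(recent) >= self.count

def run(groups, count, period, events):
    throttle = Throttle(groups, count, period)
    return [throttle.match(e) for e in events]

# Constructed sample: filter matches only (ts in seconds), documentation IP ranges.
EVENTS = [
    {"ts": 0, "ip": "198.51.100.1", "user": "A", "page": "Sandbox"},
    {"ts": 10, "ip": "198.51.100.1", "user": "A", "page": "Sandbox"},
    {"ts": 20, "ip": "198.51.100.1", "user": "A", "page": "Other"},
    {"ts": 25, "ip": "198.51.200.9", "user": "B", "page": "Sandbox"},
    {"ts": 30, "ip": "198.51.100.1", "user": "A", "page": "Sandbox"},
    {"ts": 100, "ip": "198.51.100.1", "user": "A", "page": "Sandbox"},
]

if __name__ == "__main__":
    for spec in ("ip,page", "ip", "range"):
        print(spec, run(spec, 3, 60, EVENTS))
```

Comparing the three groupings on the same matches shows the trade-off: 'ip,page' trips only on the third hit to one page from one address, while 'range' also trips on the match from a different address in the same /16.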

Actions:
 * range-blocking - blocks a /16
 * tags appear on all RC, feeds, edits, contribs etc.
 * warnings - see Template:Abuse filter warning/doc


 * [check: any function for "integer" or "integer division"?]
 * [Is (^: ...) or (**: ...) okay?]
 * [How does ";" work in logical and/or/etc? Is a final ";" before the closing ")" needed? What if an expression includes a ";" itself?]
 * Does if..then have an "end" in the statement?
 * How do variables and expressions work?
 * ===, == and = (=== is type-sensitive; is this the same as case-sensitive? == and = are the same. := is assignment)
 * funcSetVar
 * Variable typing? "list" variable type? "Null"?