Banning by IP with php/mysql

Posted by incrediman on Stack Overflow See other posts from Stack Overflow or by incrediman
Published on 2010-06-06T22:23:51Z Indexed on 2010/06/06 22:32 UTC
Read the original article Hit count: 436

Filed under:
|
|

I want to be able to ban users by IP. My idea is to keep a list of IP's as rows in an BannedIPs table (the IP column would be an index).

To check users' IP's against the table, I will keep a session variable called $_SESSION['IP'] for each session. If on any request, $_SESSION['IP'] doesn't match $_SERVER['REMOTE_ADDR'], I will update $_SESSION['IP'] and check the BannedIPs table to see if the IP is banned. (A flag will also be saved as a session variable specifying whether or not the user is banned)

Here are the things I'm wondering:

  1. Does that sound like a good strategy with regards to speed and security (would someone be able to get around the IP ban somehow, other than changing IP's)?
  2. What's the best way to structure a mysql query that checks to see if a row exists? That is, what's the best way to query the db to see if a row with a certain IP exists (to check if it's banned)?
  3. Should I save the IP's as integers or strings?

Note that...

  • I estimate there will be between 1,000-10,000 banned IP's stored in the database.
  • $_SERVER['REMOTE_ADDR'] is the IP from which the current request was sent.

© Stack Overflow or respective owner

Related posts about php

Related posts about mysql