Banning by IP with php/mysql
- by incrediman
I want to be able to ban users by IP. My idea is to keep a list of IPs as rows in a BannedIPs table (the IP column would be an index).
To check users' IPs against the table, I will keep a session variable called $_SESSION['IP'] for each session. If on any request, $_SESSION['IP'] doesn't match $_SERVER['REMOTE_ADDR'], I will update $_SESSION['IP'] and check the BannedIPs table to see if the IP is banned. (A flag will also be saved as a session variable specifying whether or not the user is banned.)
Here are the things I'm wondering:
1. Does that sound like a good strategy with regard to speed and security (would someone be able to get around the IP ban somehow, other than changing IPs)?
2. What's the best way to structure a MySQL query that checks to see if a row exists? That is, what's the best way to query the db to see if a row with a certain IP exists (to check if it's banned)?
3. Should I save the IPs as integers or strings?
Note that...
- I estimate there will be between 1,000 and 10,000 banned IPs stored in the database.
- $_SERVER['REMOTE_ADDR'] is the IP from which the current request was sent.
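
An added example, not part of the original post: one way to implement the session-cached check described in the question, storing each address in packed binary form via inet_pton() and testing for a row with SELECT 1 ... LIMIT 1. The function names, the `banned` session key and the in-memory SQLite database used for the demo are assumptions; with MySQL the column would be VARBINARY(16).

```php
<?php
declare(strict_types=1);

// Assumed MySQL schema: one row per banned address, packed form as the key.
//   CREATE TABLE BannedIPs (ip VARBINARY(16) NOT NULL PRIMARY KEY);

/** True if $ip (text form) has a row in BannedIPs. */
function ipIsBanned(PDO $db, string $ip): bool
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return true;                    // unparseable address: fail closed
    }
    $packed = inet_pton($ip);           // 4 bytes for IPv4, 16 for IPv6
    $stmt = $db->prepare('SELECT 1 FROM BannedIPs WHERE ip = :ip LIMIT 1');
    $stmt->bindValue(':ip', $packed, PDO::PARAM_LOB);
    $stmt->execute();
    return $stmt->fetchColumn() !== false;   // false means no matching row
}

/** Session-cached check: query the table only when the client address changes. */
function requestIsBanned(PDO $db, array &$session, string $remoteAddr): bool
{
    if (($session['IP'] ?? null) !== $remoteAddr) {
        $session['IP'] = $remoteAddr;
        $session['banned'] = ipIsBanned($db, $remoteAddr);
    }
    return $session['banned'];
}

// Demo on constructed data; in-memory SQLite so it runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE BannedIPs (ip BLOB NOT NULL PRIMARY KEY)');
$ins = $db->prepare('INSERT INTO BannedIPs (ip) VALUES (:ip)');
foreach (['203.0.113.7', '2001:db8::bad'] as $ip) {   // documentation ranges
    $ins->bindValue(':ip', inet_pton($ip), PDO::PARAM_LOB);
    $ins->execute();
}

$session = [];   // stands in for $_SESSION; pass $_SESSION in a real request
// The last address is the banned IPv6 entry written in a different text form.
foreach (['198.51.100.4', '203.0.113.7', '2001:DB8:0:0:0:0:0:BAD'] as $addr) {
    $state = requestIsBanned($db, $session, $addr) ? 'banned' : 'ok';
    printf("%-24s %s\n", $addr, $state);
}
```

With this caching, a ban inserted after the flag was stored takes effect for that session only once its address changes or the session ends.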