Ban IP, IP range, DNS or Agend with PHP (Laravel) and MySQL

Question

I want to implement a ban system. Firstly, I will create a filter that will make sure banned users are redirected to a page informing them about the ban. I use Laravel and MySQL as database. My table could look like this:

id, ip , range, dns, agent, reason, endofban

or like this

id, rule, reason, endofban

where reason could be a JSON string like this:

{ "ip": "123.22.12.*" }
{ "dns": "malicious.dns.com" }
{ "range": "123.22.12.0 - 123.22.14.0" }

The advantage of the last one is being more compact but I don't know if there's a fast way to check that JSON against the information of the visitor. I don't want to get all of it from the database then do a for loop to make sure no rule returns positive. I want to make the check in the database. This must be done every-time a page is loaded, so it must be fast. What do you think? Any other solution? Also, how would I check an IP range or wildcard in MySQL?

Answer 1

ip is redundant with range . A single IP is simply a range where the start and end are the same value.

I would create two values, ip_range_start and ip_range_end . Instead of storing strings, store the IP address as an integer (ie, the result of INET_ATON() ). Then, when you run your query you can say:

SELECT *
FROM AccessDenyList
WHERE INET_ATON('192.0.2.115') BETWEEN ip_start_range AND ip_end_range

Answer 2

Normalise your datastructure. The JSON is part of your (relational?) data, so save an IP as an IP, a range as a range, and query against that.

So make datatypes you can check against (in your database). This does mean you have to check with an OR for all these types (ip = xxxx OR dns = yyy or ip-inragne(zzz), but that's a given :)