Ideas to compact these lists.<p>1) Observe that in the merged CIDR list, the last octet is almost always zero and the network bitmask length is almost always 24 or less. Therefore, use the last octet to hold the mask length so the entire allocation fits in one 32 bit integer address. For example:<p><pre><code> 23.124.16.0/20 would be stored as 23.124.16.20
</code></pre>
2) Note that the max possible network mask length is 32 (24 using our compact notation). In many cases, it is more efficient to store only the networks that do *not* match the desired allocation. For example, if 23.124.0.0/16 thru 23.124.255.0/24 all match <i>except</i> 23.124.16.0/20 does not, add 32 to the network mask length in the last octet to serve as a negative flag and then 8 individual network entries can be condensed into only one single negative entry:<p><pre><code> 23.124.16.52
</code></pre>
With these changes, a modified CIDR list can be compacted and stored and searched very efficiently on the server. Obviously, the search routine has to be fully aware of the compact format rules being used.<p>Web service providers throw a monkey wrench into this entire concept. In most cases, foreign hackers can easily rent an address that is inside your allowed access list.