What is the best way to ban someone's IP?

Long story short, I operate a golf wiki, and it's grown enough to have my first horrific and racist troll updating courses with wildly inappropriate things.

It's pretty clear that this person doesn't realize your full IP is posted with any anonymous edit.

Having never encountered this problem before, I'm trying to figure out an effective way of taking edit privileges away without the user trying to find a workaround.

First however, I need to know which IP to ban. I've been using request.access_route rather than request.remote_addr because it seems to be more complete, but I'm going to be honest that I'm not entirely sure whether that is necessary.

It seem like the best method would be to use request.access_route, but then to take the -1th list item from that list and ban that? Or should I simple ban the entire access route.

I don't want to accidentally ban the public library, but we don't exactly have access to mac addresses... so... I'm not entirely sure what to do.

Any advice from someone who is better informed on networking stuff?