Given web application, with authorized users and suppose there are users, like TROLLs, it's possible to lock one concrete account, but user can create another account and continue trolling.

Locking IP not guaranteed defense, because motivated TROLL can change IP and access site again, but it more laborious work.

And banned IP has also disadvantages, as another, innocent users may lock access for login on application, and this is why I am worried.

So, How Reasonable is locking IP address for web application  ? should do it? do you use for your web applications?

Given a web application with authorized users, suppose there are users, like trolls, it's possible to lock one account, but the user can create another account and continue trolling.

Blocking IP not guaranteed defense, because a motivated troll can change their IP and access site again, but it more laborious work.

And banning the IP has also disadvantages, as other innocent users may lock access to login to the application, and this is why I am worried.

So, how reasonable is blocking IP address for web application? should I do it? What do you use for your web applications?