How To Block or Restrict User Using IP Address In Laravel 10

Hi Developers,

Lets see How To Block or Restrict User Using IP Address In Laravel 10. Laravel Security features allows the users to restrict or block the user using the IP Address. Sometime we need to block any user from the IP Address to avoid any spam content to be loaded in our website. o implement IP address restrictions, website owners can use a variety of tools and techniques, such as firewalls, access control lists, or web application firewalls. This features will allow the developers to block or restrict the user from specific IP Address.

In This tutorial we are going to pass all the web request through the middleware and in the middleware we are going to restrict users using the IP Address.

Lets create the middleware by using the following command

php artisan make:middleware BlockIpMiddleware

Lets determine the functions to be done in the middleware,

Initially we are declaring all the IP Address we want to restrict in a public function ,

Then in the handle function, initially we are getting the IP Address form which the request is coming and then compares the current IP Address with the list of the IP Address using in_array() function. If the IP Address present in the array it show the restricted message. Else , It will pass and continue to execute the request.


app/Http/Middleware/BlockIpMiddleware.php

<?php

  

namespace App\Http\Middleware;

  

use Closure;

use Illuminate\Http\Request;

use Symfony\Component\HttpFoundation\Response;

  

class BlockIpMiddleware

{

    public $blockIps = ['127.0.0.1'];

  

    /**

     * Handle an incoming request.

     *

     * @param  \Illuminate\Http\Request  $request

     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next

     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse

     */

    public function handle(Request $request, Closure $next): Response

    {

        if (in_array($request->ip(), $this->blockIps)) {

            abort(403, "You are restricted to access the site.");

        }

  

        return $next($request);

    }

}

We should declare the middleware in the Kernel to use it globally throughout the project,


app/Http/Kernel.php

<?php

  

namespace App\Http;

  

use Illuminate\Foundation\Http\Kernel as HttpKernel;

  

class Kernel extends HttpKernel

{

    ....

  

    /**

     * The application's route middleware.

     *

     * These middleware may be assigned to groups or used individually.

     *

     * @var array

     */

    protected $routeMiddleware = [

        ....

        'blockIP' => \App\Http\Middleware\BlockIpMiddleware::class,

    ];

}

Declaring the middleware in the routes file and place all the routes you need to restrict using IP Address inside the middleware function


routes/web.php

<?php

  

use Illuminate\Support\Facades\Route;
use App\Http\Controllers\UserController;

   

/*

|--------------------------------------------------------------------------

| Web Routes

|--------------------------------------------------------------------------

|

| Here is where you can register web routes for your application. These

| routes are loaded by the RouteServiceProvider within a group which

| contains the "web" middleware group. Now create something great!

|

*/

    

Route::middleware(['blockIP'])->group(function () {

    Route::resource('users', UserController::class);

});

Lets run the project and enter the following URL in a browser it will show the restricted message,

hence the laravel project runs in the 127.0.0.1 (localhost => 127.0.0.1, ie; http://localhost:8000/users => http://127.0.0.1:8000/users ) and we have blocked this using the middleware .

http://localhost:8000/users

Recent Posts