How to Restrict User Access by IP Address in Laravel 11?
Securing Laravel application from unauthorized access can be crucial, especially if application contains sensitive or confidential information. One effective method is to restrict access based on IP addresses.
In this tutorial, we’ll walk through the steps to create middleware in Laravel 11 to block specific IP addresses. By the end of this guide, you’ll have a clear understanding of how to implement IP address restrictions in your Laravel application.
Why Restrict Access by IP Address?
Restricting access by IP address allows you to control who can access your website or API. This can be particularly useful for:
- Blocking malicious users.
- Restricting access to specific geographic regions.
- Allowing access only to trusted IP addresses, such as company intranets.
Steps to Implement IP Address Restriction in Laravel 11
Step 1 : Install Laravel 11 :
First, if you haven’t already set up a Laravel 11 application, you can create a new one using the following command :
composer create-project laravel/laravel TimeFormatterApp
Step 2 : Create Middleware :
Next, we’ll create a middleware to handle IP address blocking. Run the following Artisan command to generate the middleware :
php artisan make:middleware BlockIpMiddleware
This command creates a new file at app/Http/Middleware/BlockIpMiddleware.php.
Open this file and update it with the following code:
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
class BlockIpMiddleware
{
public $blockIps = ['192.168.1.1', '203.0.113.0', '127.0.0.1']; // Add your blocked IP addresses here
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
*/
public function handle(Request $request, Closure $next): Response
{
if (in_array($request->ip(), $this->blockIps)) {
abort(403, "You are restricted from accessing this site.");
}
return $next($request);
}
}
Step 3 : Register Middleware :
To make our middleware available throughout the application, we need to register it. Open bootstrap/app.php and update it as follows :
<?php
use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
return Application::configure(basePath: dirname(__DIR__))
->withRouting(
web: __DIR__.'/../routes/web.php',
commands: __DIR__.'/../routes/console.php',
health: '/up',
)
->withMiddleware(function (Middleware $middleware) {
$middleware->alias([
'blockIP' => \App\Http\Middleware\BlockIpMiddleware::class,
]);
})
->withExceptions(function (Exceptions $exceptions) {
// Exceptions here :
})->create();
Step 4 : Apply Middleware to Routes :
Now that the middleware is registered, we can apply it to specific routes or route groups. Open routes/web.php and update it to use the middleware :
<?php
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\UserController;
use App\Http\Controllers\RSSFeedController;
Route::middleware(['blockIP'])->group(function () {
Route::resource('users', UserController::class);
Route::resource('rss', RSSFeedController::class);
});
Run Laravel Application :
With everything set up, you can now run your Laravel application :
php artisan serve
Navigate to http://localhost:8000/users in your web browser. If your IP address is in the block list, you will see a 403 Forbidden error. Otherwise, you should be able to access the routes as usual.
Conclusion :
By following this tutorial, you have successfully implemented IP address restrictions in your Laravel 11 application using middleware. This technique is a simple yet effective way to enhance the security of your application. Continue exploring and securing your Laravel projects with more advanced techniques and best practices.
Happy coding!
