Back to Blog 2 min read

Restrict User With IP in Laravel V10

We can easily restrict users with Ips in any laravel application. Restriction means you want to make your web application for a few users whose IPs you have added to the system. Then it's very easy....

Gurpreet Kait

Gurpreet Kait

Author

We can easily restrict users with Ips in any laravel application. Restriction means you want to make your web application for a few users whose IPs you have added to the system. Then it's very easy.

We need to make a middleware that will verify the IP addresses and redirect the user accordingly.

Create A Middleware

I assume that you know how to create a project in Laravel if you don't please look at the documentation.

//create project
composer create-project laravel/laravel app

php artisan make:middleware AllowOnlySpecificIPsMiddleware

Then add this code to the middleware PHP file.

<?php

namespace App\Http\Middleware;

use App\Models\AllowedIp;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Symfony\Component\HttpFoundation\Response;

class AllowOnlySpecificIPsMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
     */
    public function handle($request, Closure $next)
    {
        $allowedIPs = AllowedIp::all()->pluck('ip_address')->toArray();
        $clientIP = $request->ip();
        $clientIP = $request->header('CF-Connecting-IP', $request->ip());
        Log::info("client ip $clientIP " . json_encode($request));
        if (in_array($clientIP, $allowedIPs)) {
            return $next($request);
        }
        abort(403, 'Unauthorized. Your IP address is not allowed');
    }
}

Explanation: Let me explain what we just did in the above code. We table called allowed_ip which has been represented by AllowedIp The model that we are using in the code AllowedIp::all()->pluck('ip_address')->toArray();

Now we are getting the client IP from $request->IP() variable. After comparing if the IP exists in the table we can return the request else we will return a 403 (Reequest is unauthorized) error.

Now you can use this middleware in your routes.

Conclusion

I hope this article helps you. I just wrote this article to the point you may need to register this to use in routes etc. Thanks for reading.

How to use Middleware In Laravel v8