Laravel 9 Restrict User Access From Specific IP Address

Hello Artisan,

In this tutorial, I will cover a laravel 9 restrict user access from ip address tutorial. it's going to be a simple example of laravel 9 restrict ip address to access user. This article goes into detail on laravel 9 blacklist IP middleware tutorial. I want to share with you laravel 9 middleware ip whitelist example. Follow the below tutorial to learn steps of laravel 9 middleware block IP.

You know that sometimes, we want to restrict or block specific IP addresses or users to access our website. in this example, I will show how to create a custom middleware and block IP addresses to access URLs from using this middleware.

In this tutorial, we will create one middleware as "BlockIpMiddleware" and I will use that middleware on every secure API and URL. So just see below steps how to complete this thing:



Step 1: Create Middleware

In this step, open the terminal and run the below command to create the BlockIpMiddleware middleware file, so let's run below command:

php artisan make:middleware BlockIpMiddleware


Now update the newly created middleware like:


namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
class BlockIpMiddleware
    public $blockIps = ['whitelist-ip-1', 'whitelist-ip-2', ''];
     * Handle an incoming request.
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next
     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
    public function handle(Request $request, Closure $next)
        if (in_array($request->ip(), $this->blockIps)) {
            abort(403, "You are restricted to access the site.");
        return $next($request);


Read also: Upload Large CSV File using Queue Job Batching in Laravel


Step 2: Register Middleware

In this file, we need to register middleware on the Kernel.php file. we will call the blockIP of newly created middleware. so let's update the following file.


namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
     * The application's route middleware.
     * These middleware may be assigned to groups or used individually.
     * @var array
    protected $routeMiddleware = [
        'blockIP' => \App\Http\Middleware\BlockIpMiddleware::class,


Step 3: Use Middleware in Route

In this step, we have to add this middleware in our route to protect the route from accessing users like:


use Illuminate\Support\Facades\Route;
use App\Http\Controllers\RSSFeedController;
use App\Http\Controllers\UserController;
| Web Routes
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
Route::middleware(['blockIP'])->group(function () {
    Route::resource('users', UserController::class);
    Route::resource('rss', RSSFeedController::class);


Read also: Laravel 9 Notification | Send Notification in Laravel


Hope it can help you.


Facebook Github
A web enthusiastic, a self-motivated full-stack software engineer from Dhaka, Bangladesh with experience in developing applications using Laravel , React and Vue js