Laravel 9 Restrict User Access From Specific IP Address

Hello Artisan,

In this tutorial, I will cover a laravel 9 restrict user access from ip address tutorial. it's going to be a simple example of laravel 9 restrict ip address to access user. This article goes into detail on laravel 9 blacklist IP middleware tutorial. I want to share with you laravel 9 middleware ip whitelist example. Follow the below tutorial to learn steps of laravel 9 middleware block IP.

You know that sometimes, we want to restrict or block specific IP addresses or users to access our website. in this example, I will show how to create a custom middleware and block IP addresses to access URLs from using this middleware.

In this tutorial, we will create one middleware as "BlockIpMiddleware" and I will use that middleware on every secure API and URL. So just see below steps how to complete this thing:

Step 1: Create Middleware

In this step, open the terminal and run the below command to create the BlockIpMiddleware middleware file, so let's run below command:

php artisan make:middleware BlockIpMiddleware

Now update the newly created middleware like:

app/Http/Middleware/BlockIpMiddleware.php

namespace App\Http\Middleware;
  
use Closure;
use Illuminate\Http\Request;
  
class BlockIpMiddleware
{
    public $blockIps = ['whitelist-ip-1', 'whitelist-ip-2', '127.0.0.1'];
  
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next
     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
     */
    public function handle(Request $request, Closure $next)
    {
        if (in_array($request->ip(), $this->blockIps)) {
            abort(403, "You are restricted to access the site.");
        }
  
        return $next($request);
    }
}

Read also: Upload Large CSV File using Queue Job Batching in Laravel

Step 2: Register Middleware

In this file, we need to register middleware on the Kernel.php file. we will call the blockIP of newly created middleware. so let's update the following file.

app/Http/Kernel.php

namespace App\Http;
  
use Illuminate\Foundation\Http\Kernel as HttpKernel;
  
class Kernel extends HttpKernel
{
    ....
  
    /**
     * The application's route middleware.
     *
     * These middleware may be assigned to groups or used individually.
     *
     * @var array
     */
    protected $routeMiddleware = [
        ....
        'blockIP' => \App\Http\Middleware\BlockIpMiddleware::class,
    ];
}

Step 3: Use Middleware in Route

In this step, we have to add this middleware in our route to protect the route from accessing users like:

routes/web.php

use Illuminate\Support\Facades\Route;
  
use App\Http\Controllers\RSSFeedController;
use App\Http\Controllers\UserController;
   
/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
|
*/
    
Route::middleware(['blockIP'])->group(function () {
    Route::resource('users', UserController::class);
    Route::resource('rss', RSSFeedController::class);
});

Read also: Laravel 9 Notification | Send Notification in Laravel

Hope it can help you.