Restrict application by IP

Published 8 months ago by ITellMyselfSecrets

Hi,

I want to restrict my application by IP adressen. How can I do that the best way?

I tried this in my controller, but I don't want to do that in all my controllers

public function __construct()
{
    protected $ips = [
        '65.202.143.122',
        '148.185.163.203',
    ];

    if (!in_array(request()->ip(), $ips) {
        return redirect('/');
    }
}

Thanks

Best Answer (As Selected By ITellMyselfSecrets)
bobbybouwmann

The only right way to do this is using a middleware. I once build a middleware for this which you can use ;)

<?php

namespace App\Http\Middleware;

use Closure;
use Symfony\Component\HttpFoundation\IpUtils;

class RedirectInvalidIPs
{
    /**
     * List of valid IPs.
     *
     * @var array
     */
    protected $ips = [
        '42.60.187.198',
        '188.102.29.159',
    ];

    /**
     * List of valid IP-ranges.
     *
     * @var array
     */
    protected $ipRanges = [
        '12.64.103.24',
    ];

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        foreach ($request->getClientIps() as $ip) {
            if (! $this->isValidIp($ip) && ! $this->isValidIpRange($ip)) {
                return redirect('/');
            }
        }

        return $next($request);
    }

    /**
     * Check if the given IP is valid.
     *
     * @param $ip
     * @return bool
     */
    protected function isValidIp($ip)
    {
        return in_array($ip, $this->ips);
    }

    /**
     * Check if the ip is in the given IP-range.
     *
     * @param $ip
     * @return bool
     */
    protected function isValidIpRange($ip)
    {
        return IpUtils::checkIp($ip, $this->ipRanges);
    }
}

Now you only need to adjust the ip address and append this middleware to all your route like so

// Kernel.php

protected $middleware = [
    \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
    \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
    \App\Http\Middleware\TrimStrings::class,
    \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,

    \App\Http\Middleware\RedirectInvalidIPs::class,
];
bobbybouwmann

The only right way to do this is using a middleware. I once build a middleware for this which you can use ;)

<?php

namespace App\Http\Middleware;

use Closure;
use Symfony\Component\HttpFoundation\IpUtils;

class RedirectInvalidIPs
{
    /**
     * List of valid IPs.
     *
     * @var array
     */
    protected $ips = [
        '42.60.187.198',
        '188.102.29.159',
    ];

    /**
     * List of valid IP-ranges.
     *
     * @var array
     */
    protected $ipRanges = [
        '12.64.103.24',
    ];

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        foreach ($request->getClientIps() as $ip) {
            if (! $this->isValidIp($ip) && ! $this->isValidIpRange($ip)) {
                return redirect('/');
            }
        }

        return $next($request);
    }

    /**
     * Check if the given IP is valid.
     *
     * @param $ip
     * @return bool
     */
    protected function isValidIp($ip)
    {
        return in_array($ip, $this->ips);
    }

    /**
     * Check if the ip is in the given IP-range.
     *
     * @param $ip
     * @return bool
     */
    protected function isValidIpRange($ip)
    {
        return IpUtils::checkIp($ip, $this->ipRanges);
    }
}

Now you only need to adjust the ip address and append this middleware to all your route like so

// Kernel.php

protected $middleware = [
    \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
    \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
    \App\Http\Middleware\TrimStrings::class,
    \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,

    \App\Http\Middleware\RedirectInvalidIPs::class,
];
Snapey
Snapey
8 months ago (993,685 XP)

Use this package is probably the quickest and easiest https://github.com/antonioribeiro/firewall

ITellMyselfSecrets

The middleware of @bobbybouwmann is perfect for this.

@Snapey I find the package a bit overkill. I only want to validate against an IP addresses. I also want to write the code a bit by myself so I can learn from it. From a package I don't learn anything

Snapey
Snapey
8 months ago (993,685 XP)

well you haven't written it yourself - but I take your point.

Please sign in or create an account to participate in this conversation.