effilib/laravel-restrict-ip-middleware

A Laravel package to restrict access by IP addresses, CIDR ranges, route names, or URI patterns.

Maintainers

Package info

github.com/effilib/laravel-restrict-ip-middleware

pkg:composer/effilib/laravel-restrict-ip-middleware

Statistics

Installs: 11

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

1.0.2 2025-09-12 11:55 UTC

Requires

Requires (Dev)

MIT 5b47a3bea53cdf524340edc804e09905a58e9fc5

This package is auto-updated.

Last update: 2026-03-12 13:14:06 UTC

README

A Laravel middleware package to restrict access based on:

  • Exact IP addresses
  • CIDR ranges
  • Route names (supports wildcards)
  • URI patterns

This allows you to secure sensitive areas of your application, while still defining exception rules (whitelisted routes or URIs that always stay accessible).

๐Ÿ“ฆ Installation

Install via Composer:

composer require effilib/laravel-restrict-ip-middleware

Laravel will auto-discover the service provider.

โš™๏ธ Publish Configuration

Publish the configuration file:

php artisan vendor:publish --provider="Effilib\RestrictIp\Providers\RestrictIpServiceProvider" --tag=config

This will create:

config/effilib-restrict-ip.php

๐Ÿ”‘ Usage

Apply the middleware to routes or groups.

Default ruleset

use Effilib\RestrictIp\Middleware\RestrictIpMiddleware;

Route::get('/admin', fn () => 'Admin Area')
    ->middleware(RestrictIpMiddleware::class);

Custom ruleset

Route::get('/custom', fn () => 'Special Area')
    ->middleware(RestrictIpMiddleware::class . ':custom');

The middleware parameter (:custom) selects which ruleset from effilib-restrict-ip.php to apply.

๐Ÿ›  Configuration

Example config/effilib-restrict-ip.php:

return [

    // HTTP status code when access is denied
    'error_code' => 403,

    'rules' => [

        // Default ruleset
        'default' => [

            // Allowed exact IPs
            'allowed_ips' => [
                '127.0.0.1',
                '::1',
            ],

            // Allowed CIDR ranges
            'allowed_cidrs' => [
                // '192.168.0.0/24',
            ],

            // Exception: always allow these route names (supports wildcards)
            'allowed_routes' => [
                // 'healthcheck',
                // 'api.*',
            ],

            // Exception: always allow these URI patterns
            'allowed_uri_patterns' => [
                // 'status*',
                // 'public/*',
            ],
        ],

        // Example custom ruleset
        'custom' => [
            'allowed_ips' => ['10.0.0.1'],
            'allowed_uri_patterns' => ['public-reports/*'],
        ],
    ],
];

๐Ÿ”’ How it works

The middleware checks in this order:

  1. Allowed route names โ†’ if matched, always allowed
  2. Allowed URI patterns โ†’ if matched, always allowed
  3. Exact IP addresses โ†’ if matched, allowed
  4. CIDR ranges โ†’ if matched, allowed
  5. Otherwise denied โ†’ returns configured error code (default: 403)

๐Ÿงช Example

// routes/web.php

use Effilib\RestrictIp\Middleware\RestrictIpMiddleware;

Route::middleware([RestrictIpMiddleware::class])->group(function () {
    Route::get('/admin', fn () => 'Admin dashboard');
    Route::get('/settings', fn () => 'System settings');
});

// Healthcheck route always accessible
Route::get('/healthcheck', fn () => 'OK')
    ->name('healthcheck');

With this setup:

  • /admin and /settings require a matching IP or CIDR

๐Ÿ“œ License

MIT License ยฉ Effilib