miladev / ip-whitelist
Laravel middleware to allow only whitelisted IPs
Maintainers
Requires
- php: ^7.4|^8.0
- illuminate/support: ^8.0|^9.0|^10.0
This package is auto-updated.
Last update: 2026-06-15 06:20:48 UTC
README
Middleware for allowing or blocking requests based on configured IP lists.
Installation
composer require miladev/ip-whitelist
Laravel auto-discovers the service provider.
Publish Configuration
Publish the package config file if you want to change the allowed IPs:
php artisan vendor:publish --provider="miladev\\IpWhitelist\\IpWhitelistServiceProvider" --tag=config
This creates config/ip-whitelist.php.
Usage
Add the middleware to the routes or route groups you want to protect.
use miladev\IpWhitelist\Middleware\IpWhitelistMiddleware; Route::middleware([IpWhitelistMiddleware::class])->group(function () { Route::get('/dashboard', function () { return 'Allowed'; }); });
Then list the allowed IPs in config/ip-whitelist.php:
return [ 'allowed' => [ '127.0.0.1', '192.168.1.100', ], ];
If the request IP is not in the list, the middleware returns 403 with the message Your IP address is not allowed.
To block specific IPs instead, use the blacklist middleware:
use miladev\IpWhitelist\Middleware\IpBlacklistMiddleware; Route::middleware([IpBlacklistMiddleware::class])->group(function () { Route::get('/admin', function () { return 'Protected'; }); });
Then list blocked IPs in config/ip-whitelist.php:
return [ 'blocked' => [ '10.0.0.1', ], ];
If the request IP is in the blocked list, the middleware returns 403 with the message Your IP address is blocked.
Notes
- The middleware uses
Request::ip(), so trusted proxy configuration affects the detected client IP. - Keep the allow list tight and review it whenever your infrastructure changes.
Requirements
- PHP
^7.4 || ^8.0 - Laravel /
illuminate/support^8.0 || ^9.0 || ^10.0