monicahq / laravel-cloudflare
Add Cloudflare ip addresses to trusted proxies for Laravel.
Fund package maintenance!
asbiin
Installs: 1 724 213
Dependents: 6
Suggesters: 0
Security: 0
Stars: 276
Watchers: 5
Forks: 29
Open Issues: 3
Requires
- php: ^7.4 || ^8.0
- illuminate/support: ^8.0 || ^9.0 || ^10.0 || ^11.0
Requires (Dev)
- guzzlehttp/guzzle: ^6.3 || ^7.0
- larastan/larastan: ^1.0 || ^2.4
- mockery/mockery: ^1.4
- ocramius/package-versions: ^1.5 || ^2.1
- orchestra/testbench: ^6.0 || ^7.0 || ^8.0 || ^9.0
- phpstan/phpstan-deprecation-rules: ^1.0
- phpstan/phpstan-phpunit: ^1.0
- phpstan/phpstan-strict-rules: ^1.0
- phpunit/phpunit: ^9.5 || ^10.0 || ^11.0
- vimeo/psalm: ^4.0 || ^5.6
Suggests
- guzzlehttp/guzzle: Required to get cloudflares ip addresses (^6.5.5|^7.0).
README
Add Cloudflare ip addresses to trusted proxies for Laravel.
Installation
- Install package using composer:
composer require monicahq/laravel-cloudflare
- Configure Middleware
Replace TrustProxies
middleware in your bootstrap/app.php
file:
->withMiddleware(function (Middleware $middleware) { $middleware->replace( \Illuminate\Http\Middleware\TrustProxies::class, \Monicahq\Cloudflare\Http\Middleware\TrustProxies::class ); })
Custom proxies callback
You can define your own proxies callback by calling the LaravelCloudflare::getProxiesUsing()
to change the behavior of the LaravelCloudflare::getProxies()
method.
This method should typically be called in the boot
method of your AppServiceProvider
class:
use Illuminate\Support\ServiceProvider; use Monicahq\Cloudflare\LaravelCloudflare; use Monicahq\Cloudflare\Facades\CloudflareProxies; class AppServiceProvider extends ServiceProvider { /** * Bootstrap any application services. */ public function boot(): void { LaravelCloudflare::getProxiesUsing(fn() => CloudflareProxies::load()); } }
How it works
The middleware uses Illuminate\Http\Middleware\TrustProxies as a backend.
When the cloudflare ips are detected, they are used as trusted proxies.
Refreshing the Cache
This package retrieves Cloudflare's IP blocks, and stores them in cache. When request comes, the middleware will get Cloudflare's IP blocks from cache, and load them as trusted proxies.
You'll need to refresh the cloudflare cache regularely to always have up to date proxy.
Use the cloudflare:reload
artisan command to refresh the IP blocks:
php artisan cloudflare:reload
Suggestion: add the reload command in the schedule
Add a schedule to your routes/console.php
file to refresh the cache, for instance:
use Illuminate\Support\Facades\Schedule; Schedule::command('cloudflare:reload')->daily();
View current Cloudflare's IP blocks
You can use the cloudflare:view
artisan command to see the cached IP blocks:
php artisan cloudflare:view
Option: publish the package config file
If you want, you can publish the package config file to config/laravelcloudflare.php
:
php artisan vendor:publish --provider="Monicahq\Cloudflare\TrustedProxyServiceProvider"
This file contains some configurations, but you may not need to change them normally.
Running tests for your package
When running tests for your package, you generally don't need to get Cloudflare's proxy addresses.
You can deactivate the Laravel Cloudflare middleware by adding the following environment variable in
your .env
or phpunit.xml
file:
LARAVEL_CLOUDFLARE_ENABLED=false
Compatibility
Citations
This package was inspired by lukasz-adamski/laravel-cloudflare and forked from ogunkarakus/laravel-cloudflare.
License
Author: Alexis Saettler
This project is part of MonicaHQ.
Copyright © 2019–2024.
Licensed under the MIT License. View license.