Block requests from specified IPs in Laravel 5.

v6.0.0 2021-02-17 15:44 UTC

This package is auto-updated.

Last update: 2024-05-17 22:46:39 UTC


Latest Version on Packagist Software License Build Status

Block requests from specified IPs quick and easy in Laravel. Highly customizable.

Version Compatibility

Laravel blockip
5.3.x 1.x.x
5.4.x 2.x.x
5.5/5.6/5.7/5.8 3.x.x
^6.0 4.x.x
^7.0 5.x.x
^8.0 6.x.x


Via Composer

$ composer require olssonm/blockip

Add the service provider to the providers array in config/app.php (auto-detection also available in newer Laravel-versions).


    'providers' => [


This backage sets up the blockip-middleware for use in your application. All routes that uses the middlareware is protected from unwanted requests.

Use in a group


    Route::group(['middleware' => 'blockip'], function() {
        Route::get('/', ['as' => 'start', 'uses' => 'StartController@index']);
        Route::get('/page', ['as' => 'page', 'uses' => 'StartController@page']);

Singe route


    Route::get('/', [
        'as' => 'start',
        'uses' => 'StartController@index',
        'middleware' => 'blockip'


Run the command $ php artisan vendor:publish --provider="Olssonm\Blockip\BlockipServiceProvider" to publish the packages configuration. In config/blockip.php you can edit your settings:


return [

    // IPs to block
    'ips' => [
        '',   // an example of a single IP
        ''      // an example of an IP-range with CIDR-notation

    // Message for blocked requests
    'error_message'     => '401 Unauthorized.',

    // Uncomment to use a view instead of plaintext message
    // 'error_view'     => 'blockip::default',

    // Environments where the middleware is active
    'envs'              => [

    // Main handler for the getIp(), getIpsToBlock() and getError-methods().
    // Check the documentation on how to customize this to your liking.
    'handler'           => Olssonm\Blockip\Handlers\BlockipHandler::class,


Everything here is pretty much self explanatory, but because the blockip-handler is customizable you can pretty much change every aspect of the middleware.

If you want to write your own handler, you should implement the Olssonm\Blockip\Handlers\BaseHandler-interface, like so:


use Olssonm\Blockip\Handlers\BaseHandler;

class MyHandler implements BaseHandler {

     * @return string
    public function getIp() {
        // Method to retrieve the request IP

     * @return array
    public function getIpsToBlock() {
        // Method to set what IPs to be blocked

     * @return response
    public function getError() {
        // Method to set the response

Using the system you have the ability to for example make your getIpsToBlock()-method check IPs from an API, your getError() return a JSON-response etc. etc.

Note: the default handler already checks for the special HTTP_CF_CONNECTING_IP-header when using the Cloudflare CDN.


$ composer test


$ phpunit

Laravel always runs in the "testing" environment while running tests. Make sure that testing is set in the envs-array in blockip.php.


The MIT License (MIT). Please see License File for more information.

© 2021 Marcus Olsson.