Laravel middleware for whitelisting/blacklisting client IP addresses

1.6.0 2021-12-17 11:38 UTC

This package is auto-updated.

Last update: 2022-06-17 12:39:46 UTC


Latest Stable Version Latest Unstable Version Total Downloads License

Build Status Test Coverage Maintainability Quality Score StyleCI

Laravel middleware for whitelisting/blacklisting client IP addresses


  • PHP 7.3 or higher
  • Laravel 6 or higher


You can install the package via composer:

composer require orkhanahmadov/laravel-ip-middleware


Packages comes with WhitelistMiddleware and BlacklistMiddleware middlewares. You can register any or both of them in $routeMiddleware in app/Http/Kernel.php file:

protected $routeMiddleware = [
    // ...
    'ip_whitelist' => \Orkhanahmadov\LaravelIpMiddleware\WhitelistMiddleware::class,
    'ip_blacklist' => \Orkhanahmadov\LaravelIpMiddleware\BlacklistMiddleware::class,

Use middlewares in any of your routes and pass IP addresses.

Route::middleware('ip_whitelist:')->get('/', 'HomeController@index');
Route::middleware('ip_blacklist:')->get('/', 'PostController@index');
  • ip_whitelist middleware will block any requests where client IP not matching with whitelisted IPs.
  • ip_blacklist middleware will block requests coming from blacklisted IPs.

You can also pass multiple IP addresses separated with comma:

Route::middleware('ip_whitelist:,')->get('/', 'HomeController@index');

This will block all requests where client IP not matching whitelisted IP list.

Package also allows setting predefine IP list in config and use them with name:

// config/ip-middleware.php

'predefined_lists' = [
    'my-list-1' => ['', ''],
    'my-list-2' => ['', ''],
Route::middleware('ip_whitelist:my-list-1,my-list-2')->get('/', 'HomeController@index');
// you can also mix predefined list with additional IP addresses
Route::middleware('ip_whitelist:my-list-1,my-list-2,,')->get('/', 'PostController@index');


Run this command to publish package config file:

php artisan vendor:publish --provider="Orkhanahmadov\LaravelIpMiddleware\LaravelIpMiddlewareServiceProvider"

ip-middleware.php config file contains following settings:

  • ignore_environments - Middleware ignores IP checking when application is running in listed environments.
  • error_code - HTTP code that shown when request gets rejected.
  • custom_server_parameter - Custom $_SERVER parameter to look for IP address
  • predefined_lists - Predefined IP lists


composer test


Please see CHANGELOG for more information what has changed recently.


Please see CONTRIBUTING for details.


If you discover any security related issues, please email ahmadov90@gmail.com instead of using the issue tracker.



The MIT License (MIT). Please see License File for more information.