Laravel 9 Restrict User Access from IP Address Tutorial

In this article, we will be covering Laravel 9 restrict user access from IP. We have taken a simple example of Laravel 9 restrict IP address to access user. Sometimes, we want to restrict or block specific IP addresses from accessing the website. In this tutorial example, we will be creating one middleware as “BlockIpMiddleware” and we will be using that middleware on every secure API and URL

Step 1: Install Laravel

If you have not installed the laravel app, then go ahead and execute the below command:

composer create-project laravel/laravel example-app

Step 2: Create Middleware

Open the terminal and run below command to create BlockIpMiddleware middleware file, so let’s run below command:

php artisan make:middleware BlockIpMiddleware

Now, we have created new BlockIpMiddleware.php file. Add block IP’s on $blockIps array list. Update following code on this file.

app/Http/Middleware/BlockIpMiddleware.php

<?php
  
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
class BlockIpMiddleware
{
    public $blockIps = ['whitelist-ip-1', 'whitelist-ip-2', '127.0.0.1'];
  
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next
     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
     */
    public function handle(Request $request, Closure $next)
    {
        if (in_array($request->ip(), $this->blockIps)) {
            abort(403, "You are restricted to access the site.");
        }
  
        return $next($request);
    }
}

Read Also: Laravel 9 Yajra Datatables Example Tutorial

Step 3: Register Middleware

Now, register the middleware on Kernel.php file. we will call blockIP of new created middleware. Update the following file.

app/Http/Kernel.php

<?php
namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
  
class Kernel extends HttpKernel
{
    ....
  
    /**
     * The application's route middleware.
     *
     * These middleware may be assigned to groups or used individually.
     *
     * @var array
     */
    protected $routeMiddleware = [
        ....
        'blockIP' => \App\Http\Middleware\BlockIpMiddleware::class,
    ];
}

Step 4: Use Middleware

We will be creating one route and show you how to use middleware in route file. Open your route file and update following code:

routes/web.php

<?php
use Illuminate\Support\Facades\Route;
  
use App\Http\Controllers\RSSFeedController;
use App\Http\Controllers\UserController;
   
/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
|
*/
    
Route::middleware(['blockIP'])->group(function () {
    Route::resource('users', UserController::class);
    Route::resource('rss', RSSFeedController::class);
});

 Run Laravel App

Type the given below command and hit enter to run the Laravel app:

php artisan serve

Now, navigate to your web browser, type the given URL and view the app output:

You will find following layout:

restricted to access the site