How to Restrict IP Address in Laravel 10 Code Example?




How to Restrict IP Address in Laravel 10 Code Example?

Hi dev,

Dear all, We shall discuss Laravel 10 block user access from IP in this article. You can see that Laravel 10 limits user access by IP address. You'll receive a straightforward example of blacklist ip middleware in Laravel 10 in this article. I outlined Laravel 10 middleware ip whitelist simply and step-by-step.

Some IP addresses may occasionally be restricted or blocked from accessing our website. In this article, I'll demonstrate how to build middleware and restrict URL access from specific IP addresses. Website owners can make sure that only authorised users can access their site or service by limiting access based on IP address. This is especially helpful for websites or services that cater to a particular geographic area or include sensitive or personal information. Website owners can employ a range of instruments and methods, such as firewalls, access control lists, or web application firewalls, to apply IP address limitations. These tools can be set up to deny access to a website or service from a range of IP addresses, or to block access from a specific IP address.

In this tutorial example, we will create one middleware as "BlockIpMiddleware" and we will use that middleware on every secure api and url. So just see bellow steps how to complete this things:

Step 1: Install Laravel

This step is not required; however, if you have not created the laravel app, then you may go ahead and execute the below command:

composer create-project laravel/laravel example-app

Step 2: Create Middleware

In this step, open terminal and run below command to create BlockIpMiddleware middleware file, so let's run below command:

php artisan make:middleware BlockIpMiddleware

Now, it's created new BlockIpMiddleware.php file. you have to add block ips on $blockIps array list. let's update following code on this file.



namespace App\Http\Middleware;

use Closure;

use Illuminate\Http\Request;

use Symfony\Component\HttpFoundation\Response;

class BlockIpMiddleware


public $blockIps = ['whitelist-ip-1', 'whitelist-ip-2', ''];


* Handle an incoming request.


* @param \Illuminate\Http\Request $request

* @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next

* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse


public function handle(Request $request, Closure $next): Response


if (in_array($request->ip(), $this->blockIps)) {

abort(403, "You are restricted to access the site.");


return $next($request);



Step 3: Register Middleware

In this file, we need to register middleware on Kernel.php file. we will call blockIP of new created middleware. so let's update following file.



namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel




* The application's route middleware.


* These middleware may be assigned to groups or used individually.


* @var array


protected $routeMiddleware = [


'blockIP' => \App\Http\Middleware\BlockIpMiddleware::class,



Step 4: Use Middleware

In this step, we will create one route and show you how to use middleware in route file. so let's open your route file and update following code:



use Illuminate\Support\Facades\Route;

use App\Http\Controllers\RSSFeedController;

use App\Http\Controllers\UserController;



| Web Routes



| Here is where you can register web routes for your application. These

| routes are loaded by the RouteServiceProvider within a group which

| contains the "web" middleware group. Now create something great!



Route::middleware(['blockIP'])->group(function () {

Route::resource('users', UserController::class);

Route::resource('rss', RSSFeedController::class);


Run Laravel App:

All the required steps have been done, now you have to type the given below command and hit enter to run the Laravel app:

php artisan serve

Now, Go to your web browser, type the given URL and view the app output:


#Laravel 10