PHPackages                             accentinteractive/laravel-blocker - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. accentinteractive/laravel-blocker

ActiveLibrary[Security](/categories/security)

accentinteractive/laravel-blocker
=================================

Block bad bots and users that visit certain (exploit) urls for a set amount of time.

v2.0.0(1y ago)66.2k—0.7%3MITPHPPHP ^7.3|^7.4|^8.0CI failing

Since Jan 9Pushed 1y ago2 watchersCompare

[ Source](https://github.com/accentinteractive/laravel-blocker)[ Packagist](https://packagist.org/packages/accentinteractive/laravel-blocker)[ Docs](https://github.com/accentinteractive/laravel-blocker)[ RSS](/packages/accentinteractive-laravel-blocker/feed)WikiDiscussions main Synced today

READMEChangelogDependencies (6)Versions (7)Used By (0)

Block bad bots and IPs that visit exploit URLs
==============================================

[](#block-bad-bots-and-ips-that-visit-exploit-urls)

[![Latest Version on Packagist](https://camo.githubusercontent.com/7f9d2208baeb2f294c728cb8a1d56fa485fa6da79818330afa5adbc50befa6dd/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f616363656e74696e7465726163746976652f6c61726176656c2d626c6f636b65722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/accentinteractive/laravel-blocker)[![Total Downloads](https://camo.githubusercontent.com/a5693b2f9220b441af689a699c11d25c0a3da3f8575891e218d45f56596ed0bd/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f616363656e74696e7465726163746976652f6c61726176656c2d626c6f636b65722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/accentinteractive/laravel-blocker)[![GitHub Actions](https://github.com/accentinteractive/laravel-blocker/actions/workflows/main.yml/badge.svg)](https://github.com/accentinteractive/laravel-blocker/actions/workflows/main.yml/badge.svg)

Your application is hammered by malicious bots and visitors that try out exploit URLs. This package detects those and blocks their IP addresses. Blocked users are denied access to your application until their block expires.

1. Block exploit URLs like `/wp-admin` and `?invokefunction&function=call_user_func_array&vars[0]=phpinfo`.
2. Block user Agents like `Seznam`, `Flexbot` and `Mail.ru`.
3. Set the expiration time for IP blocks.

Installation
------------

[](#installation)

Step 1: Install the package via composer:

```
composer require accentinteractive/laravel-blocker
```

Step 2: Make sure to register the Middleware.

To use it on all requests, add it as the first option to the `web` section under `$middlewareGroups` in file app/Http/Kernel.php.

```
protected $middlewareGroups = [
    'web' => [
        \Accentinteractive\LaravelBlocker\Http\Middleware\BlockMaliciousUsers::class,
    ],
];
```

To use it on specific requests, add it to any group or to the `protected $middleware` property in file app/Http/Kernel.php.

```
protected $middleware = [
        \Accentinteractive\LaravelBlocker\Http\Middleware\BlockMaliciousUsers::class,
    ];
```

Step 3: Optionally publish the config file with:

```
php artisan vendor:publish --provider="Accentinteractive\LaravelBlocker\LaravelBlockerServiceProvider" --tag="config"

```

Step 4: there is no step 4 :)

Usage
-----

[](#usage)

The package uses auto discover. The package uses a middleware class that does the checking and blocking.

Config settings
---------------

[](#config-settings)

### Enabling checking

[](#enabling-checking)

You can enable or disable URL checking and User Agent checking in the published config file, or by setting these values in .env (enabled by default).

```
URL_DETECTION_ENABLED=true
USER_AGENT_DETECTION_ENABLED=true
```

### Expiration time

[](#expiration-time)

Set the block expiration time (in seconds) in the published config file, or by setting this value in .env (3600 seconds by default).

```
AI_BLOCKER_EXPIRATION_TIME=3600
```

### Define malicious URLs

[](#define-malicious-urls)

Define malicious URLs in the published config file, or by setting this value in .env, separated by a pipe. You need only use part of the malicious string. Matching is case insensitive.

Example: setting `wp-admin` will block both '/wp-admin', '/index.php/wp-admin/foo' and '/?p=wp-admin'.

Defaults: `call_user_func_array|invokefunction|wp-admin|wp-login|.git|.env|install.php|/vendor`

```
AI_BLOCKER_MALICIOUS_URLS='call_user_func_array|invokefunction|wp-admin|wp-login|.git|.env|install.php|/vendor'
```

### Define malicious User Agents

[](#define-malicious-user-agents)

Define malicious User Agents in the published config file, or by setting this value in .env, separated by a pipe. You need only use part of the malicious string. Matching is case insensitive.

Example: setting `seznam` will block User Agent 'Mozilla/5.0 (compatible; SeznamBot/3.2-test4; +)'.

```
AI_BLOCKER_MALICIOUS_USER_AGENTS='dotbot|linguee|seznam|mail.ru'
```

### Define storage class implementation

[](#define-storage-class-implementation)

By default, blocked IPs are stored in cache, using storage implementation `\Accentinteractive\LaravelBlocker\Services\BlockedIpStoreCache::class`.

You can set the storage class you wish to use in the published config file, or by setting this value in .env. You can choose from:

- \\Accentinteractive\\LaravelBlocker\\Services\\BlockedIpStoreCache
- \\Accentinteractive\\LaravelBlocker\\Services\\BlockedIpStoreDatabase

```
AI_BLOCKER_STORAGE_IMPLEMENTATION_CLASS='\Accentinteractive\LaravelBlocker\Services\BlockedIpStoreCache'
```

### Testing

[](#testing)

```
composer test
XDEBUG_MODE=coverage vendor/bin/phpunit tests --coverage-html code-coverage
```

### Changelog

[](#changelog)

Please see [CHANGELOG](CHANGELOG.md) for more information what has changed recently.

Contributing
------------

[](#contributing)

Please see [CONTRIBUTING](CONTRIBUTING.md) for details.

### Security

[](#security)

If you discover any security related issues, please email  instead of using the issue tracker.

Credits
-------

[](#credits)

- [Joost van Veen](https://github.com/accentinteractive)
- [All Contributors](../../contributors)

License
-------

[](#license)

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

Laravel Package Boilerplate
---------------------------

[](#laravel-package-boilerplate)

This package was generated using the [Laravel Package Boilerplate](https://laravelpackageboilerplate.com).

###  Health Score

40

—

FairBetter than 86% of packages

Maintenance49

Moderate activity, may be stable

Popularity30

Limited adoption so far

Community12

Small or concentrated contributor base

Maturity55

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 95.5% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~180 days

Recently: every ~224 days

Total

6

Last Release

372d ago

Major Versions

v0.2.2 → v1.0.02023-07-10

v1.0.0 → v2.0.02025-06-26

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/356020?v=4)[Accent Interactive](/maintainers/accentinteractive)[@accentinteractive](https://github.com/accentinteractive)

---

Top Contributors

[![joostvanveen](https://avatars.githubusercontent.com/u/540294?v=4)](https://github.com/joostvanveen "joostvanveen (21 commits)")[![accentinteractive](https://avatars.githubusercontent.com/u/356020?v=4)](https://github.com/accentinteractive "accentinteractive (1 commits)")

---

Tags

accentinteractivelaravel-blocker

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/accentinteractive-laravel-blocker/health.svg)

```
[![Health](https://phpackages.com/badges/accentinteractive-laravel-blocker/health.svg)](https://phpackages.com/packages/accentinteractive-laravel-blocker)
```

###  Alternatives

[laravel/ai

The official AI SDK for Laravel.

1.0k3.2M193](/packages/laravel-ai)[roots/acorn

Framework for Roots WordPress projects built with Laravel components.

9762.4M131](/packages/roots-acorn)[illuminate/queue

The Illuminate Queue package.

21332.6M1.6k](/packages/illuminate-queue)[spatie/laravel-export

Create a static site bundle from a Laravel app

674146.0k6](/packages/spatie-laravel-export)[flarum/core

Delightfully simple forum software.

201.4M2.3k](/packages/flarum-core)[moonshine/moonshine

Laravel administration panel

1.3k253.1k81](/packages/moonshine-moonshine)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
