PHPackages artisanbarista/laravel-shield - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. artisanbarista/laravel-shield ActiveLibrary[Security](/categories/security) artisanbarista/laravel-shield ============================= Block bad bots and users that visit certain (exploit) urls for a set amount of time. v6.0.0(1y ago)0758↓100%MITPHPPHP ^8.0CI failing Since Feb 21Pushed 1y ago1 watchersCompare [ Source](https://github.com/artisanbarista/laravel-shield)[ Packagist](https://packagist.org/packages/artisanbarista/laravel-shield)[ Docs](https://github.com/artisanbarista/laravel-shield)[ RSS](/packages/artisanbarista-laravel-shield/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (4)Dependencies (6)Versions (24)Used By (0) Block bad bots and IPs that visit exploit URLs ============================================== [](#block-bad-bots-and-ips-that-visit-exploit-urls) Your application is hammered by malicious requests that try out exploit URLs. This package detects those and blocks their IP addresses. Blocked users are denied access to your application until their block expires. 1. Block exploit URLs like `/wp-admin` and `?invokefunction&function=call_user_func_array&vars[0]=phpinfo`. 2. Block user Agents like `Seznam`, `Flexbot` and `Mail.ru`. 3. Set the expiration time for IP blocks. 4. Set IP whitelist/blacklist. Installation ------------ [](#installation) Step 1: Install the package via composer: ``` composer require artisanbarista/laravel-shield ``` Step 2: Make sure to register the Middleware. To use it on all requests, add it as the first option to the `web` section under `$middlewareGroups` in file app/Http/Kernel.php. ``` protected $middlewareGroups = [ 'web' => [ \Artisanbarista\LaravelShield\Http\Middleware\BlockMaliciousUsers::class, ], ]; ``` To use it on specific requests, add it to any group or to the `protected $middleware` property in file app/Http/Kernel.php. ``` protected $middleware = [ \Artisanbarista\LaravelShield\Http\Middleware\BlockMaliciousUsers::class, ]; ``` Step 3: Optionally publish the config file with: ``` php artisan vendor:publish --provider="Artisanbarista\LaravelShield\LaravelShieldServiceProvider" --tag="config" ``` Usage ----- [](#usage) The package uses auto discover. The package uses a middleware class that does the checking and blocking. Config settings --------------- [](#config-settings) ### Enabling shield [](#enabling-shield) You can enable or disable the shield in the published config file, or by setting the value in .env (enabled by default). ``` SHIELD_PROTECTION_ENABLED=true ``` ### Expiration time [](#expiration-time) Set the block expiration time (in seconds) in the published config file, or by setting this value in .env (3600 seconds by default). ``` SHIELD_EXPIRATION_TIME=3600 ``` ### Maximum Attempts [](#maximum-attempts) Set the maximum allowed number of malicious requests, before blocking the IP. Default is 5. You can change it in the config or the .env. ``` SHIELD_MAX_ATTEMPTS=5 ``` ### Define malicious URLs [](#define-malicious-urls) Define malicious URLs in the published config file. You need only use part of the malicious string. Matching is case insensitive. Example: setting `wp-admin` will block both '/wp-admin', '/index.php/wp-admin/foo' and '/?p=wp-admin'. ### Define malicious User Agents [](#define-malicious-user-agents) Define malicious User Agents in the published config file. Example: setting `seznam` will block User Agent 'Mozilla/5.0 (compatible; SeznamBot/3.2-test4; +)'. ### Define storage class implementation [](#define-storage-class-implementation) By default, blocked IPs are stored in cache, using storage implementation `\Artisanbarista\LaravelShield\Services\BlockedIpStoreRateLimiter::class`. You can create a different storage class you wish to use, and replace it in the config file, or by setting this value in .env: - \\Artisanbarista\\LaravelShield\\Services\\BlockedIpStoreRateLimiter ``` SHIELD_STORAGE_IMPLEMENTATION_CLASS='\Artisanbarista\LaravelShield\Services\BlockedIpStoreRateLimiter' ``` ### Testing [](#testing) ``` composer test XDEBUG_MODE=coverage vendor/bin/phpunit tests --coverage-html code-coverage ``` ### Changelog [](#changelog) Please see [CHANGELOG](CHANGELOG.md) for more information what has changed recently. Credits ------- [](#credits) - [ArtisanBarista](https://github.com/artisanbarista) - [Joost van Veen](https://github.com/accentinteractive) - [accentinteractive](https://github.com/accentinteractive) - [webdevartisan](https://github.com/webdevartisan) License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. Laravel Package Boilerplate --------------------------- [](#laravel-package-boilerplate) This package was generated using the [Laravel Package Boilerplate](https://laravelpackageboilerplate.com). ### Health Score 35 — LowBetter than 79% of packages Maintenance45 Moderate activity, may be stable Popularity17 Limited adoption so far Community12 Small or concentrated contributor base Maturity56 Maturing project, gaining track record Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~19 days Recently: every ~42 days Total 21 Last Release 424d ago Major Versions v1.0.0 → v2.0.02024-02-22 v2.0.2 → v3.0.02024-02-29 v3.3.0 → v4.0.02024-09-25 v4.0.0 → v5.0.02025-01-07 v5.0.1 → v6.0.02025-03-14 PHP version history (2 changes)v1.0.0PHP ^7.3|^7.4|^8.0 v3.0.0PHP ^8.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/b433d063453614f72ca29c6b8b62b5b79c009228ec1dfd5672dd415fdbe02644?d=identicon)[artisanbarista](/maintainers/artisanbarista) --- Top Contributors [![webdevartisan](https://avatars.githubusercontent.com/u/160753900?v=4)](https://github.com/webdevartisan "webdevartisan (38 commits)")[![artisanbarista](https://avatars.githubusercontent.com/u/15884915?v=4)](https://github.com/artisanbarista "artisanbarista (22 commits)")[![joostvanveen](https://avatars.githubusercontent.com/u/540294?v=4)](https://github.com/joostvanveen "joostvanveen (20 commits)")[![accentinteractive](https://avatars.githubusercontent.com/u/356020?v=4)](https://github.com/accentinteractive "accentinteractive (1 commits)")[![LeonChris](https://avatars.githubusercontent.com/u/225108775?v=4)](https://github.com/LeonChris "LeonChris (1 commits)") --- Tags laravel-shieldartisanbarista ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/artisanbarista-laravel-shield/health.svg) ``` [![Health](https://phpackages.com/badges/artisanbarista-laravel-shield/health.svg)](https://phpackages.com/packages/artisanbarista-laravel-shield) ``` ### Alternatives [roots/acorn Framework for Roots WordPress projects built with Laravel components. 9682.1M97](/packages/roots-acorn)[laravel-zero/framework The Laravel Zero Framework. 3371.4M369](/packages/laravel-zero-framework)[orchestra/canvas Code Generators for Laravel Applications and Packages 21017.2M158](/packages/orchestra-canvas)[aedart/athenaeum Athenaeum is a mono repository; a collection of various PHP packages 255.2k](/packages/aedart-athenaeum)[erag/laravel-disposable-email A Laravel package to detect and block disposable email addresses. 226102.4k](/packages/erag-laravel-disposable-email)[tzsk/otp A secure, database-free One-Time Password (OTP) generator and verifier for PHP and Laravel. 241641.4k1](/packages/tzsk-otp) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)