PHPackages                             fgreinus/antonioribeiro-firewall - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. fgreinus/antonioribeiro-firewall

AbandonedArchivedLibrary[Security](/categories/security)

fgreinus/antonioribeiro-firewall
================================

A Laravel 4.1+ IP whitelisting and blacklisting

v1.1.1(9y ago)133BSD-3-ClausePHPPHP &gt;=5.3.7

Since Jan 31Pushed 9y ago1 watchersCompare

[ Source](https://github.com/fgreinus/antonioribeiro-firewall)[ Packagist](https://packagist.org/packages/fgreinus/antonioribeiro-firewall)[ RSS](/packages/fgreinus-antonioribeiro-firewall/feed)WikiDiscussions master Synced 4w ago

READMEChangelog (2)Dependencies (4)Versions (26)Used By (0)

Firewall
========

[](#firewall)

[![Latest Stable Version](https://camo.githubusercontent.com/8e0dbc4cca643b2cc1209382bbb34f496b3af73cf341f33621899eb3333d6c0f/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f707261676d6172782f6669726577616c6c2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/pragmarx/firewall) [![License](https://camo.githubusercontent.com/a7d953c880516e66cbc40f3833498c010255e60ca0142114a22829dc66fe28e4/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4253445f335f436c617573652d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](LICENSE) [![Downloads](https://camo.githubusercontent.com/53274e02b26c24d892a1999735dfceee6a1ac01ddc7dfbe154f08bf40c6ca3dc/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f707261676d6172782f6669726577616c6c2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/pragmarx/firewall)

#### A Laravel package to help you block IP addresses from accessing your application or just some routes

[](#a-laravel-package-to-help-you-block-ip-addresses-from-accessing-your-application-or-just-some-routes)

### Concepts

[](#concepts)

#### Blacklist

[](#blacklist)

All IP addresses in those lists will no be able to access routes filtered by the blacklist filter.

#### Whitelist

[](#whitelist)

Those IP addresses can

- Access blacklisted routes even if they are in a range of blacklisted IP addresses.
- Access 'allow whitelisted' filtered routes.
- If a route is filtered by the 'allow whitelisted' filter and the IP is not whitelisted, the request will be redirected to an alternative url or route name.

#### Playground &amp; Bootstrap App

[](#playground--bootstrap-app)

Click [here](http://pragmarx.com/firewall) to see it working and in case you need a help figuring out things, try [this repository](https://github.com/antonioribeiro/pragmarx.com).

Playground's screenshot:

[![playground](docs/playground.png)](docs/playground.png)

### Routes

[](#routes)

This package provides two middleware groups to use in your routes:

`'fw-block-bl'`: to block all blacklisted IP addresses to access filtered routes

`'fw-allow-wl'`: to allow all whitelisted IP addresses to access filtered routes

So, for instance, you could have a blocking group and put all your routes inside it:

```
Route::group(['middleware' => 'fw-block-bl'], function ()
{
    Route::get('/', 'HomeController@index');
});

```

Or you could use both. In the following example the allow group will give free access to the 'coming soon' page and block or just redirect non-whitelisted IP addresses to another, while still blocking access to the blacklisted ones.

```
Route::group(['middleware' => 'fw-block-bl'], function ()
{
    Route::get('coming/soon', function()
    {
        return "We are about to launch, please come back in a few days.";
    });

    Route::group(['middleware' => 'fw-allow-wl'], function ()
    {
        Route::get('/', 'HomeController@index');
    });
});

```

### IPs lists

[](#ips-lists)

IPs (white and black) lists can be stored in array, files and database. Initially database access to lists is disabled, so, to test your Firewall configuration you can publish the config file and edit the `blacklist` or `whitelist` arrays:

```
'blacklist' => array(
    '127.0.0.1',
    '192.168.17.0/24'
    '127.0.0.1/255.255.255.255'
    '10.0.0.1-10.0.0.255'
    '172.17.*.*'
    'country:br'
    '/usr/bin/firewall/blacklisted.txt',
),

```

The file (for instance `/usr/bin/firewall/blacklisted.txt`) must contain one IP, range or file name per line, and, yes, it will search for files recursivelly, so you can have a file of files if you need:

```
127.0.0.2
10.0.0.0-10.0.0.100
/tmp/blacklist.txt

```

### Redirecting non-whitelisted IP addresses

[](#redirecting-non-whitelisted-ip-addresses)

Non-whitelisted IP addresses can be blocked or redirected. To configure redirection you'll have to publish the `config.php` file and configure:

```
'redirect_non_whitelisted_to' => 'coming/soon',

```

### Artisan Commands

[](#artisan-commands)

To blacklist or whitelist IP addresses, use the artisan commands:

```
  firewall:list               List all IP address, white and blacklisted.

```

##### Exclusive for database usage

[](#exclusive-for-database-usage)

```
firewall
  firewall:blacklist          Add an IP address to blacklist.
  firewall:clear              Remove all ip addresses from white and black lists.
  firewall:remove             Remove an IP address from white or black list.
  firewall:whitelist          Add an IP address to whitelist.

```

This is a result from `firewall:list`:

```
+--------------+-----------+-----------+
| IP Address   | Whitelist | Blacklist |
+--------------+-----------+-----------+
| 10.17.12.7   |           |     X     |
| 10.17.12.100 |     X     |           |
| 10.17.12.101 |     X     |           |
| 10.17.12.102 |     X     |           |
| 10.17.12.200 |           |     X     |
+--------------+-----------+-----------+

```

\###Facade

You can also use the `Firewall Facade` to manage the lists:

```
$ip = '10.17.12.1';

$whitelisted = Firewall::isWhitelisted($ip);
$blacklisted = Firewall::isBlacklisted($ip);

Firewall::whitelist($ip);
Firewall::blacklist($ip, true); /// true = force in case IP is whitelisted

if (Firewall::whichList($ip))  // returns false, 'whitelist' or 'blacklist'
{
    Firewall::remove($ip);
}

```

Return a blocking access response:

```
return Firewall::blockAccess();

```

Suspicious events will be (if you wish) logged, so `tail` it:

```
php artisan tail

```

### Blocking Whole Countries

[](#blocking-whole-countries)

You can block a country by, instead of an ip address, pass `country:`. So, to block all Brazil's IP addresses, you do:

```
php artisan firewall:blacklist country:br

```

You will have to add this requirement to your `composer.json` file:

```
"geoip/geoip": "~1.14"

```

or

```
"geoip2/geoip2": "~2.0"

```

You can find those codes here: [isocodes](http://www.spoonfork.org/isocodes.html)

### Session Blocking

[](#session-blocking)

You can block users from accessing some pages only for the current session, by using those methods:

```
Firewall::whitelistOnSession($ip);
Firewall::blacklistOnSession($ip);
Firewall::removeFromSession($ip);

```

### Installation

[](#installation)

#### Compatible with

[](#compatible-with)

- Laravel 4+ and 5+

#### Installing

[](#installing)

Require the Firewall package using [Composer](https://getcomposer.org/doc/01-basic-usage.md):

```
composer require pragmarx/firewall

```

Add the Service Provider to your app/config/app.php:

```
PragmaRX\Firewall\Vendor\Laravel\ServiceProvider::class,

```

Add the Facade to your app/config/app.php:

```
'Firewall' => PragmaRX\Firewall\Vendor\Laravel\Facade::class,

```

Add the Middleware groups `fw-block-bl` and `fw-allow-wl` to your app/Http/Kernel.php

```
protected $middlewareGroups = [
        ...

        'fw-block-bl' => [
            \PragmaRX\Firewall\Middleware\FirewallBlacklist::class,
        ],
        'fw-allow-wl' => [
            \PragmaRX\Firewall\Middleware\FirewallWhitelist::class,
        ],
];

```

**Note:** You can add other middleware you have already created to the new groups by simply adding it to the `fw-allow-wl` or `fw-block-bl` middleware group.

Create the migration:

```
php artisan firewall:tables

```

Migrate it

```
php artisan migrate

```

To publish the configuration file you'll have to:

**Laravel 4**

```
php artisan config:publish pragmarx/firewall

```

**Laravel 5**

```
php artisan vendor:publish

```

### TODO

[](#todo)

- Tests, tests, tests.

### Author

[](#author)

[Antonio Carlos Ribeiro](http://twitter.com/iantonioribeiro)

### License

[](#license)

Firewall is licensed under the BSD 3-Clause License - see the `LICENSE` file for details

### Contributing

[](#contributing)

Pull requests and issues are more than welcome.

###  Health Score

30

—

LowBetter than 62% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity9

Limited adoption so far

Community13

Small or concentrated contributor base

Maturity68

Established project with proven stability

 Bus Factor1

Top contributor holds 90.3% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~48 days

Recently: every ~12 days

Total

24

Last Release

3424d ago

Major Versions

v0.5.4 → v1.0.02015-12-24

### Community

Maintainers

![](https://www.gravatar.com/avatar/66b7ba4883b966d7bf0014f8353156d29d7d76abaa4d05606f2cc374310a45e9?d=identicon)[fgreinus](/maintainers/fgreinus)

---

Top Contributors

[![antonioribeiro](https://avatars.githubusercontent.com/u/3182864?v=4)](https://github.com/antonioribeiro "antonioribeiro (121 commits)")[![zek](https://avatars.githubusercontent.com/u/3463291?v=4)](https://github.com/zek "zek (6 commits)")[![fgreinus](https://avatars.githubusercontent.com/u/1236785?v=4)](https://github.com/fgreinus "fgreinus (4 commits)")[![jamesggordon](https://avatars.githubusercontent.com/u/650785?v=4)](https://github.com/jamesggordon "jamesggordon (1 commits)")[![mmeklin15](https://avatars.githubusercontent.com/u/19165277?v=4)](https://github.com/mmeklin15 "mmeklin15 (1 commits)")[![phroggyy](https://avatars.githubusercontent.com/u/7256451?v=4)](https://github.com/phroggyy "phroggyy (1 commits)")

---

Tags

laravelblacklistfirewallwhitelist

### Embed Badge

![Health badge](/badges/fgreinus-antonioribeiro-firewall/health.svg)

```
[![Health](https://phpackages.com/badges/fgreinus-antonioribeiro-firewall/health.svg)](https://phpackages.com/packages/fgreinus-antonioribeiro-firewall)
```

###  Alternatives

[laravel/ai

The official AI SDK for Laravel.

1.0k2.1M165](/packages/laravel-ai)[pragmarx/firewall

A Laravel IP whitelisting and blacklisting

1.4k999.8k](/packages/pragmarx-firewall)[moonshine/moonshine

Laravel administration panel

1.3k239.9k76](/packages/moonshine-moonshine)[roots/acorn

Framework for Roots WordPress projects built with Laravel components.

9772.3M122](/packages/roots-acorn)[tzsk/otp

A secure, database-free One-Time Password (OTP) generator and verifier for PHP and Laravel.

242661.0k1](/packages/tzsk-otp)[harris21/laravel-fuse

Circuit breaker for Laravel queue jobs. Protect your workers from cascading failures.

43140.3k](/packages/harris21-laravel-fuse)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
