PHPackages                             maxr/firewall - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. maxr/firewall

ActiveLibrary[Security](/categories/security)

maxr/firewall
=============

A Laravel IP whitelisting and blacklisting

v2.2.5(7y ago)041BSD-3-ClausePHPPHP &gt;=5.6

Since Jan 31Pushed 7y agoCompare

[ Source](https://github.com/maximerat/firewall)[ Packagist](https://packagist.org/packages/maxr/firewall)[ RSS](/packages/maxr-firewall/feed)WikiDiscussions master Synced 2w ago

READMEChangelogDependencies (6)Versions (38)Used By (0)

Firewall 2.2
============

[](#firewall-22)

[![Latest Stable Version](https://camo.githubusercontent.com/8e0dbc4cca643b2cc1209382bbb34f496b3af73cf341f33621899eb3333d6c0f/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f707261676d6172782f6669726577616c6c2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/pragmarx/firewall) [![License](https://camo.githubusercontent.com/a7d953c880516e66cbc40f3833498c010255e60ca0142114a22829dc66fe28e4/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4253445f335f436c617573652d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](LICENSE) [![Downloads](https://camo.githubusercontent.com/53274e02b26c24d892a1999735dfceee6a1ac01ddc7dfbe154f08bf40c6ca3dc/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f707261676d6172782f6669726577616c6c2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/pragmarx/firewall) [![Code Quality](https://camo.githubusercontent.com/3ff140d248ff5b31951a977f9834dac229ed760678aa86dea6852042a93071c6/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f672f616e746f6e696f7269626569726f2f6669726577616c6c2e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/antonioribeiro/firewall/?branch=master) [![Build](https://camo.githubusercontent.com/f0fad982efb73e25f152a34e142dff78a63cd88eacac467b6f6367b2a684aa3b/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f6275696c642f672f616e746f6e696f7269626569726f2f6669726577616c6c2e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/antonioribeiro/firewall/?branch=master) [![Coverage](https://camo.githubusercontent.com/3ba405d18a789abf0d381ef7940336432cf6e66893af8cab7652aaa7fce0163e/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f636f7665726167652f672f616e746f6e696f7269626569726f2f6669726577616c6c2e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/antonioribeiro/firewall/?branch=master) [![StyleCI](https://camo.githubusercontent.com/46c6348727b84e511860989f4388c0f47a3593ac7a0df94807394f747f4e52e1/68747470733a2f2f7374796c6563692e696f2f7265706f732f31353239303839392f736869656c64)](https://styleci.io/repos/15290899)

Purpose
-------

[](#purpose)

This a "soft-firewall" package. Its purpose is to help people prevent unauthorized access to routes **by IP address**. It is able to keep track of IPs, countries and hosts (dynamic ip), and redirect non-authorized users to, for instance, a "Coming Soon" page, while letting whitelisted IPs to have access to the entire site. It is now also able to detect and block attacks (too many requests) from single IPs or whole countries.

This package can prevent some headaches and help you block some access to your apps, but cannot replace firewalls and appliances, for attacks at the network level, you'll still need a real firewall.

Features
--------

[](#features)

- Control access to routes and groups via black and white lists.
- Detect and block attacks to your application, from IP addresses or countries.
- Send Slack notifications in attack events.
- Allow whitelisted to access the whole site and send everyone else to a "coming soon page".
- Redirect blacklisted users to some other page.
- Use database or arrays to store IP lists.
- Whitelist your development machine using a dynamic DNS host name.
- Done using middleware, so you can protect/unprotect groups of routes.
- All features are available for hosts, IP addresses, ranges of IP addresses and whole countries.
- Super fast, less than 10ms increase in each request.
- Highly configurable.

Concepts
--------

[](#concepts)

### Blacklist

[](#blacklist)

All IP addresses in those lists will no be able to access routes filtered by the blacklist filter.

### Whitelist

[](#whitelist)

Those IP addresses, ranges or countries can

- Access blacklisted routes even if they are in a range of blacklisted IP addresses.
- Access 'allow whitelisted' filtered routes.
- If a route is filtered by the 'allow whitelisted' filter and the IP is not whitelisted, the request will be redirected to an alternative url or route name.

Attack Detection
----------------

[](#attack-detection)

[![attack](docs/attack.png)](docs/attack.png)

Firewall is able to detect simple attacks to your page, by counting requests from the same IP or country. Just enable it on your `config/firewall.php` and, to receive notifications, configure the Slack service in `config/services.php`:

```
'slack' => [
    'webhook_url' => env('SLACK_WEBHOOK_URL'),
],
```

and add the route notification method to your user model:

```
/**
 * Route notifications for the Slack channel.
 *
 * @return string
 */
public function routeNotificationForSlack()
{
    return config('services.slack.webhook_url');
}
```

IPs lists
---------

[](#ips-lists)

IPs (white and black) lists can be stored in array, files and database. Initially database access to lists is disabled, so, to test your Firewall configuration you can publish the config file and edit the `blacklist` or `whitelist` arrays:

```
'blacklist' => array(
    '127.0.0.1',
    '192.168.17.0/24'
    '127.0.0.1/255.255.255.255'
    '10.0.0.1-10.0.0.255'
    '172.17.*.*'
    'country:br'
    '/usr/bin/firewall/blacklisted.txt',
),
```

The file (for instance `/usr/bin/firewall/blacklisted.txt`) must contain one IP, range or file name per line, and, yes, it will search for files recursivelly, so you can have a file of files if you need:

```
127.0.0.2
10.0.0.0-10.0.0.100
/tmp/blacklist.txt

```

Redirecting non-whitelisted IP addresses
----------------------------------------

[](#redirecting-non-whitelisted-ip-addresses)

Non-whitelisted IP addresses can be blocked or redirected. To configure redirection you'll have to publish the `config.php` file and configure:

```
'redirect_non_whitelisted_to' => 'coming/soon',
```

Artisan Commands
----------------

[](#artisan-commands)

You have access to the following commands:

#### Global

[](#global)

```
  firewall:list         List all IP address, white and blacklisted.
  firewall:updategeoip  Update the GeoIP database.

```

#### When database is enabled

[](#when-database-is-enabled)

```
  firewall:blacklist          Add an IP address to blacklist.
  firewall:clear              Remove all ip addresses from white and black lists.
  firewall:remove             Remove an IP address from white or black list.
  firewall:whitelist          Add an IP address to whitelist.

```

Those are results from `firewall:list`:

```
+--------------+-----------+-----------+
| IP Address   | Whitelist | Blacklist |
+--------------+-----------+-----------+
| 10.17.12.7   |           |     X     |
| 10.17.12.100 |     X     |           |
| 10.17.12.101 |     X     |           |
| 10.17.12.102 |     X     |           |
| 10.17.12.200 |           |     X     |
+--------------+-----------+-----------+

```

```
+-----------------------+-----------+-----------+
| IP Address            | Whitelist | Blacklist |
+-----------------------+-----------+-----------+
| 172.0.0.0-172.0.0.255 |           |     X     |
| country:br            |           |     X     |
| host:mypc.myname.com  |     X     |           |
+-----------------------+-----------+-----------+

```

Facade
------

[](#facade)

You can also use the `Firewall Facade` to manage the lists:

```
$whitelisted = Firewall::isWhitelisted('10.17.12.1');
$blacklisted = Firewall::isBlacklisted('10.0.0.3');

Firewall::whitelist('192.168.1.1');
Firewall::blacklist('10.17.12.1', true); /// true = force in case IP is whitelisted
Firewall::blacklist('127.0.0.0-127.0.0.255');
Firewall::blacklist('200.212.331.0/28');
Firewall::blacklist('country:br');

if (Firewall::whichList($ip) !== false)  // returns false, 'whitelist' or 'blacklist'
{
    Firewall::remove($ip);
}
```

Return a blocking access response:

```
return Firewall::blockAccess();
```

Suspicious events will be (if you wish) logged, so `tail` it:

```
php artisan tail

```

Blocking Whole Countries
------------------------

[](#blocking-whole-countries)

You can block a country by, instead of an ip address, pass `country:`. So, to block all Brazil's IP addresses, you do:

```
php artisan firewall:blacklist country:br

```

You will have to add this requirement to your `composer.json` file:

```
"geoip/geoip": "~1.14"

```

or

```
"geoip2/geoip2": "~2.0"

```

You need to enable country search on your firewall.php config file:

```
'enable_country_search' => true,
```

And you can schedule this command to update your cities GeoIp database regularly:

```
php artisan firewall:updategeoip

```

You can find those codes here: [isocodes](http://www.spoonfork.org/isocodes.html)

Session Blocking
----------------

[](#session-blocking)

You can block users from accessing some pages only for the current session, by using those methods:

```
Firewall::whitelistOnSession($ip);
Firewall::blacklistOnSession($ip);
Firewall::removeFromSession($ip);
```

Playground &amp; Bootstrap App
------------------------------

[](#playground--bootstrap-app)

Click [here](http://pragmarx.com/firewall) to see it working and in case you need a help figuring out things, try [this repository](https://github.com/antonioribeiro/pragmarx.com).

[![playground](docs/playground.png)](docs/playground.png)

Installation
------------

[](#installation)

### Compatible with

[](#compatible-with)

- Laravel 4+ (version 1.\*)
- Laravel 5.0, 5.1, 5.2 and 5.3 (version 1.\*)
- Laravel 5.4, 5.5, 5.6 and 5.7 (version 2.\*)

### Installing

[](#installing)

Require the Firewall package using [Composer](https://getcomposer.org/doc/01-basic-usage.md):

```
composer require pragmarx/firewall

```

- Laravel 5.5 and up

    You don't have to do anything else, this package uses Package Auto-Discovery's feature, and should be available as soon as you install it via Composer.
- Laravel 5.4 and below

    Add the Service Provider and the Facade to your app/config/app.php:

```
PragmaRX\Firewall\Vendor\Laravel\ServiceProvider::class,
```

```
'Firewall' => PragmaRX\Firewall\Vendor\Laravel\Facade::class,
```

Add middlewares to your app/Http/Kernel.php

```
protected $routeMiddleware = [
    ...
    'fw-only-whitelisted' => \PragmaRX\Firewall\Middleware\FirewallWhitelist::class,
    'fw-block-blacklisted' => \PragmaRX\Firewall\Middleware\FirewallBlacklist::class,
    'fw-block-attacks' => \PragmaRX\Firewall\Middleware\BlockAttacks::class,
];
```

or

```
protected $middlewareGroups = [
    'web' => [
        ...
    ],

    'api' => [
        ...
    ],

    'firewall' => [
        \PragmaRX\Firewall\Middleware\FirewallBlacklist::class,
        \PragmaRX\Firewall\Middleware\BlockAttacks::class,
    ],
];
```

Then you can use them in your routes:

```
Route::group(['middleware' => 'fw-block-blacklisted'], function ()
{
    Route::get('/', 'HomeController@index');
});
```

Or you could use both. In the following example the allow group will give free access to the 'coming soon' page and block or just redirect non-whitelisted IP addresses to another, while still blocking access to the blacklisted ones.

```
Route::group(['middleware' => 'fw-block-blacklisted'], function ()
{
    Route::get('coming/soon', function()
    {
        return "We are about to launch, please come back in a few days.";
    });

    Route::group(['middleware' => 'fw-only-whitelisted'], function ()
    {
        Route::get('/', 'HomeController@index');
    });
});
```

**Note:** You can add other middleware you have already created to the new groups by simply adding it to the `fw-allow-wl` or `fw-block-bl` middleware group.

Migrate your database

```
php artisan migrate

```

**Warning:** If you already have a Firewall package installed and migrated, you need to update your migration name, in the `migrations` table, to `2014_02_01_311070_create_firewall_table`, otherwise the migrate command will fail tell you the table already exists.

To publish the configuration file you'll have to:

**Laravel 4**

```
php artisan config:publish pragmarx/firewall

```

**Laravel 5**

```
php artisan vendor:publish --provider="PragmaRX\Firewall\Vendor\Laravel\ServiceProvider"

```

TODO
----

[](#todo)

- Tests, tests, tests.

Author
------

[](#author)

[Antonio Carlos Ribeiro](http://twitter.com/iantonioribeiro)

License
-------

[](#license)

Firewall is licensed under the BSD 3-Clause License - see the `LICENSE` file for details

Contributing
------------

[](#contributing)

Pull requests and issues are more than welcome.

###  Health Score

31

—

LowBetter than 66% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity8

Limited adoption so far

Community15

Small or concentrated contributor base

Maturity70

Established project with proven stability

 Bus Factor1

Top contributor holds 93.1% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~53 days

Recently: every ~41 days

Total

35

Last Release

2728d ago

Major Versions

v0.5.4 → v1.0.02015-12-24

v1.1.0 → v2.0.02017-08-21

v1.1.1 → v2.2.02018-02-10

PHP version history (2 changes)v0.1.0PHP &gt;=5.3.7

v2.1.0PHP &gt;=5.6

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/38426365?v=4)[Maxime Rat](/maintainers/maximerat)[@maximerat](https://github.com/maximerat)

---

Top Contributors

[![antonioribeiro](https://avatars.githubusercontent.com/u/3182864?v=4)](https://github.com/antonioribeiro "antonioribeiro (322 commits)")[![zek](https://avatars.githubusercontent.com/u/3463291?v=4)](https://github.com/zek "zek (6 commits)")[![maximerat](https://avatars.githubusercontent.com/u/38426365?v=4)](https://github.com/maximerat "maximerat (5 commits)")[![Hornet-Wing](https://avatars.githubusercontent.com/u/10299554?v=4)](https://github.com/Hornet-Wing "Hornet-Wing (3 commits)")[![RobertBoes](https://avatars.githubusercontent.com/u/2871897?v=4)](https://github.com/RobertBoes "RobertBoes (2 commits)")[![swilla](https://avatars.githubusercontent.com/u/304159?v=4)](https://github.com/swilla "swilla (2 commits)")[![mmeklin15](https://avatars.githubusercontent.com/u/19165277?v=4)](https://github.com/mmeklin15 "mmeklin15 (1 commits)")[![phroggyy](https://avatars.githubusercontent.com/u/7256451?v=4)](https://github.com/phroggyy "phroggyy (1 commits)")[![bryant1410](https://avatars.githubusercontent.com/u/3905501?v=4)](https://github.com/bryant1410 "bryant1410 (1 commits)")[![jamesggordon](https://avatars.githubusercontent.com/u/650785?v=4)](https://github.com/jamesggordon "jamesggordon (1 commits)")[![justplayingames](https://avatars.githubusercontent.com/u/29954155?v=4)](https://github.com/justplayingames "justplayingames (1 commits)")[![lloricode](https://avatars.githubusercontent.com/u/8251344?v=4)](https://github.com/lloricode "lloricode (1 commits)")

---

Tags

laravelblacklistfirewallwhitelist

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/maxr-firewall/health.svg)

```
[![Health](https://phpackages.com/badges/maxr-firewall/health.svg)](https://phpackages.com/packages/maxr-firewall)
```

###  Alternatives

[pragmarx/firewall

A Laravel IP whitelisting and blacklisting

1.4k1.0M](/packages/pragmarx-firewall)[akaunting/laravel-firewall

Web Application Firewall (WAF) package for Laravel

1.0k508.9k2](/packages/akaunting-laravel-firewall)[vcian/laravel-ip-gateway

Blacklist or Whitelist IP of your application routes.

431.4k](/packages/vcian-laravel-ip-gateway)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
