PHPackages                             pdphilip/cf-request - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [HTTP &amp; Networking](/categories/http)
4. /
5. pdphilip/cf-request

ActiveLibrary[HTTP &amp; Networking](/categories/http)

pdphilip/cf-request
===================

Cloudflare Laravel Request

v3.1.0(1mo ago)2725.6k↑43.8%1MITPHPPHP ^8.2CI passing

Since Sep 11Pushed 1mo ago1 watchersCompare

[ Source](https://github.com/pdphilip/cf-request)[ Packagist](https://packagist.org/packages/pdphilip/cf-request)[ Docs](https://github.com/pdphilip/cf-request)[ GitHub Sponsors](https://github.com/pdphilip)[ RSS](/packages/pdphilip-cf-request/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (8)Dependencies (30)Versions (28)Used By (1)

Cloudflare Laravel Request
==========================

[](#cloudflare-laravel-request)

[![Cloudflare Laravel Request](https://camo.githubusercontent.com/60c05d4b4592e8b3e1649b1b0ad058cb970146662f33d95e11461069eb3d619b/68747470733a2f2f63646e2e736e6970666f726d2e696f2f70647068696c69702f63662d726571756573742f63662d726571756573742e706e67)](https://camo.githubusercontent.com/60c05d4b4592e8b3e1649b1b0ad058cb970146662f33d95e11461069eb3d619b/68747470733a2f2f63646e2e736e6970666f726d2e696f2f70647068696c69702f63662d726571756573742f63662d726571756573742e706e67)[![Latest Version on Packagist](https://camo.githubusercontent.com/ca6a1135b460e4be8451863620a898b4cdf238e7ddc4127f57971cd9277f59d0/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f70647068696c69702f63662d726571756573742e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/pdphilip/cf-request)[![GitHub Tests Action Status](https://camo.githubusercontent.com/ed1f23c3cc6596e1362fd7fcb2db0877a47685dae621fa81fba614c326b2455d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f70647068696c69702f63662d726571756573742f72756e2d74657374732e796d6c3f6272616e63683d6d61696e266c6162656c3d7465737473267374796c653d666c61742d737175617265)](https://github.com/pdphilip/cf-request/actions?query=workflow%3Arun-tests+branch%3Amain)[![Total Downloads](https://camo.githubusercontent.com/f1fcc74f4102bbdecd217c9db43a01a7b2fb663da3954ee1496af3aaf41d3d28/687474703a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f70647068696c69702f63662d726571756573742e737667)](https://packagist.org/packages/pdphilip/cf-request)

A drop-in replacement for Laravel's `Request` that extracts Cloudflare metadata - geolocation, device info, bot detection - from transform rule headers. Use it as a facade or inject it like a normal request.

```
public function register(CfRequest $request)
{
    if ($request->isBot()) {
        abort(403);
    }

    $country  = $request->country();   // 'US'
    $timezone = $request->timezone();  // 'America/New_York'
    $device   = $request->deviceType(); // 'mobile'
    $browser  = $request->browserName(); // 'Chrome'
}
```

Requirements
------------

[](#requirements)

- PHP 8.2+
- Laravel 10, 11, or 12
- Cloudflare as a proxy (works without it, CF-specific methods return null)

Installation
------------

[](#installation)

```
composer require pdphilip/cf-request
php artisan cf-request:install
```

Cloudflare Setup
----------------

[](#cloudflare-setup)

The package reads custom headers that Cloudflare injects via transform rules. You need to configure these rules on your Cloudflare zone.

Option 1: Via Cloudflare API (recommended)---

### Step 1: Get your Zone ID

[](#step-1-get-your-zone-id)

- Cloudflare dashboard &gt; select your domain
- Copy the **Zone ID** from the sidebar
- Save as `CF_API_ZONE_ID` in your `.env`

[![Zone ID location](https://camo.githubusercontent.com/3bd5e487dfaceeb903c76c48d7f819349ca1fcf99ab6fb42f3b794b6963613bd/68747470733a2f2f63646e2e736e6970666f726d2e696f2f70647068696c69702f63662d726571756573742f7a6f6e6549642e706e67)](https://camo.githubusercontent.com/3bd5e487dfaceeb903c76c48d7f819349ca1fcf99ab6fb42f3b794b6963613bd/68747470733a2f2f63646e2e736e6970666f726d2e696f2f70647068696c69702f63662d726571756573742f7a6f6e6549642e706e67)### Step 2: Create an API Token

[](#step-2-create-an-api-token)

- Go to
- Create Custom Token with these permissions:
    - Account &gt; Account Rulesets: **Edit**
    - Zone &gt; Transform Rules: **Edit**
    - Account Resources: All Accounts
    - Zone Resources: All Zones

[![Token permissions](https://camo.githubusercontent.com/bbed4a66bedc766dc403410da31491f446d874b58f006d13cf32879b0b21837b/68747470733a2f2f63646e2e736e6970666f726d2e696f2f70647068696c69702f63662d726571756573742f746f6b656e2d7065726d732e706e67)](https://camo.githubusercontent.com/bbed4a66bedc766dc403410da31491f446d874b58f006d13cf32879b0b21837b/68747470733a2f2f63646e2e736e6970666f726d2e696f2f70647068696c69702f63662d726571756573742f746f6b656e2d7065726d732e706e67)- Save the token as `CF_API_TOKEN` in your `.env`

### Step 3: Run the command

[](#step-3-run-the-command)

```
php artisan cf-request:headers
```

This creates a "Laravel Headers" transform rule on your zone with all required headers.

### Step 4: Verify

[](#step-4-verify)

```
php artisan cf-request:status
```

Shows a grouped table of every expected header and whether it's configured on Cloudflare.

---

Option 2: Manual setup on Cloudflare dashboard---

### Navigate to Transform Rules

[](#navigate-to-transform-rules)

- Cloudflare dashboard &gt; select your domain
- Rules &gt; Transform Rules &gt; Modify Request Header
- Create a Rule

### Rule configuration

[](#rule-configuration)

- **Name:** Laravel Headers
- **When:** All incoming requests
- **Then:** Set the following headers:

TypeHeaderExpressionSet dynamic`X-IP``ip.src`Set dynamic`X-ASN``ip.src.asnum`Set dynamic`X-AGENT``http.user_agent`Set dynamic`X-COUNTRY``ip.src.country`Set dynamic`X-CITY``ip.src.city`Set dynamic`X-REGION``ip.src.region`Set dynamic`X-CONTINENT``ip.src.continent`Set dynamic`X-POSTAL-CODE``ip.src.postal_code`Set dynamic`X-LAT``ip.src.lat`Set dynamic`X-LON``ip.src.lon`Set dynamic`X-TIMEZONE``ip.src.timezone.name`Set dynamic`X-REFERER``http.referer`Set dynamic`X-LANG``http.request.accepted_languages[0]`Set dynamic`X-BOT-CAT``cf.verified_bot_category`---

Usage
-----

[](#usage)

Use the `CfRequest` facade or inject `CfRequest $request` in place of Laravel's `Request`.

### Geolocation

[](#geolocation)

```
$request->country();    // 'AU' (ISO 3166-1 Alpha-2, validated)
$request->city();       // 'Sydney'
$request->region();     // 'New South Wales'
$request->continent();  // 'OC'
$request->postalCode(); // '2000'
$request->lat();        // '-33.8688'
$request->lon();        // '151.2093'
$request->geo();        // ['lat' => '-33.8688', 'lon' => '151.2093'] or null
$request->timezone();   // 'Australia/Sydney'
$request->isTor();      // true if traffic is from the Tor network
```

Country codes are validated against the ISO 3166-1 standard. Non-country values like `T1` (Tor) and `XX` (unknown) return `null` from `country()`, which also nulls all dependent geo fields. Use `isTor()` to detect Tor traffic specifically.

### Bot Detection

[](#bot-detection)

```
$request->isBot();      // true/false (CrawlerDetect + DeviceDetector)
$request->bot();        // 'Googlebot' or 'no_user_agent' or false

// CF verified bot category (all plans)
$request->verifiedBotCategory(); // 'search_engine', 'advertising', etc.
$request->isVerifiedBot();       // true/false

// CF bot score (Enterprise only)
$request->botScore();     // 0-99 integer or null
$request->botScoreData(); // ['score' => 99, 'is_bot' => false, 'key' => 'human', 'value' => '...']
```

Bot detection works without Cloudflare. The package uses [CrawlerDetect](https://github.com/JayBizzle/Crawler-Detect) (1,400+ bot patterns) as the primary check, with [DeviceDetector](https://github.com/matomo-org/device-detector) as a fallback. Requests with no User-Agent are flagged as bots.

### Device

[](#device)

```
$request->deviceType();  // 'desktop', 'mobile', 'tablet', 'tv'
$request->isMobile();    // true/false
$request->isTablet();    // true/false
$request->isDesktop();   // true/false
$request->isTv();        // true/false
$request->deviceBrand(); // 'Apple'
$request->deviceModel(); // 'iPhone'
```

### Browser

[](#browser)

```
$request->browser();        // 'Chrome 120.0'
$request->browserName();    // 'Chrome'
$request->browserVersion(); // '120.0'
$request->browserFamily();  // 'Chrome'
$request->browserData();    // full parsed array
```

### OS

[](#os)

```
$request->os();        // 'Mac 10.15'
$request->osName();    // 'Mac'
$request->osVersion(); // '10.15'
$request->osFamily();  // 'Mac'
$request->osData();    // full parsed array
```

### Language

[](#language)

```
$request->language();  // 'en_US' (from X-LANG header, falls back to Accept-Language)
$request->languages(); // ['en_US', 'en', 'de'] (from Accept-Language)
```

### Request Overrides

[](#request-overrides)

```
$request->getClientIp(); // prioritizes X-IP > CF-Connecting-IP > standard
$request->asn();         // 13335 (Autonomous System Number)
$request->userAgent();   // prioritizes X-AGENT > User-Agent
$request->referer();     // prioritizes X-REFERER > Referer
$request->refererDomain(); // 'google.com' (parsed from referer)
```

### Cloudflare

[](#cloudflare)

```
$request->detectCloudflare(); // true if CF-ray header is present
$request->getHeader('X-CUSTOM'); // read any header
```

Artisan Commands
----------------

[](#artisan-commands)

CommandDescription`cf-request:install`Publish config and register service provider`cf-request:headers`Create transform rule headers on Cloudflare via the API`cf-request:status`Check which headers are configured on CloudflareDebug Route
-----------

[](#debug-route)

Visit `/cf-request/status` in your browser to see all parsed headers as JSON. Disable with `CF_ALLOW_STATUS_VIEW=false` in your `.env`.

Changelog
---------

[](#changelog)

See [CHANGELOG](CHANGELOG.md) for recent changes.

Credits
-------

[](#credits)

- [David Philip](https://github.com/pdphilip)

License
-------

[](#license)

The MIT License (MIT). See [License File](LICENSE.md) for details.

###  Health Score

54

—

FairBetter than 97% of packages

Maintenance89

Actively maintained with recent releases

Popularity36

Limited adoption so far

Community13

Small or concentrated contributor base

Maturity62

Established project with proven stability

 Bus Factor1

Top contributor holds 85.1% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~24 days

Recently: every ~8 days

Total

24

Last Release

55d ago

Major Versions

v0.0.8 → v1.0.02024-09-18

v1.0.5 → v2.0.02025-11-18

2.x-dev → v3.0.02026-02-20

### Community

Maintainers

![](https://www.gravatar.com/avatar/d6945e816609fe0d57ad2e073ad9f6ea008ac19636ff439e528c765df6c26230?d=identicon)[pdphilip](/maintainers/pdphilip)

---

Top Contributors

[![pdphilip](https://avatars.githubusercontent.com/u/6921550?v=4)](https://github.com/pdphilip "pdphilip (74 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (7 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (6 commits)")

---

Tags

laravelPDPhilipcf-request

###  Code Quality

TestsPest

Static AnalysisPHPStan

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/pdphilip-cf-request/health.svg)

```
[![Health](https://phpackages.com/badges/pdphilip-cf-request/health.svg)](https://phpackages.com/packages/pdphilip-cf-request)
```

###  Alternatives

[omniphx/forrest

A Laravel library for Salesforce

2724.4M8](/packages/omniphx-forrest)[sunchayn/nimbus

A Laravel package providing an in-browser API client with automatic schema generation, live validation, and built-in authentication with a touch of Laravel-tailored magic for effortless API testing.

29428.0k](/packages/sunchayn-nimbus)[muhammadhuzaifa/telescope-guzzle-watcher

Telescope Guzzle Watcher provide a custom watcher for intercepting http requests made via guzzlehttp/guzzle php library. The package uses the on\_stats request option for extracting the request/response data. The watcher intercept and log the request into the Laravel Telescope HTTP Client Watcher.

98239.8k1](/packages/muhammadhuzaifa-telescope-guzzle-watcher)[vormkracht10/laravel-mails

Laravel Mails can collect everything you might want to track about the mails that has been sent by your Laravel app.

24149.7k](/packages/vormkracht10-laravel-mails)[api-platform/laravel

API Platform support for Laravel

59126.4k6](/packages/api-platform-laravel)[dragon-code/laravel-http-logger

Logging incoming HTTP requests

319.8k3](/packages/dragon-code-laravel-http-logger)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)