Block Known Spam IPs from Your Laravel App with the Abuse IP Package

The Laravel Abuse IP community package by Rahul Alam adds a layer of protection to your Laravel application from known spam IPs. This package provides an Artisan command to keep your IP list in sync with the Aggregated AbuseIPDB blocklist and middleware to check requests against the list.

To start using this package, you need sync the blocklist file of IPs. If you run your application on multiple servers, your storage drive will need to be centralized, or you'll need to sync and store the IP list data on each server.

Next, the package's AbuseIp middleware will check requests against the block list to prevent IPs on the list from accessing your application. To configure this middleware, you can add it to your Laravel project's bootstrap/app.php file or add it to routes directly as desired:

->withMiddleware(function (Middleware $middleware) {
    $middleware->append(\App\Http\Middleware\AbuseIp::class);
});
 
// Or via an individual route (or group of routes)
Route::middleware(AbuseIp::class)->get('/', function () {
    return view('welcome');
});

The AbuseIPDB list is updated multiple times a day, so you'll also want to schedule an update to the blocklist (which is then cached) to run daily:

$schedule->command('abuseip:update')->daily();

You are free to update the source of the IP blocklist via the package's configuration. You can learn more about this package, get full installation instructions, and view the source code on GitHub.