keepsuit / laravel-threat-blocker
Block threat requests to your application
Installs: 154
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 1
pkg:composer/keepsuit/laravel-threat-blocker
Requires
- php: ^8.3
- illuminate/contracts: ^11.0 || ^12.0
- spatie/laravel-package-tools: ^1.16
Requires (Dev)
- larastan/larastan: ^3.0
- laravel/pint: ^1.14
- nunomaduro/collision: ^8.8
- orchestra/testbench: ^9.0 || ^10.5
- pestphp/pest: ^4.0
- pestphp/pest-plugin-arch: ^4.0
- pestphp/pest-plugin-laravel: ^4.0
- phpstan/extension-installer: ^1.4
- phpstan/phpstan-deprecation-rules: ^2.0
- phpstan/phpstan-phpunit: ^2.0
- spatie/invade: ^2.1
- spatie/laravel-honeypot: ^4.5
- spatie/laravel-ray: ^1.35
- spatie/test-time: ^1.3
Suggests
- spatie/laravel-honeypot: Required for form honeypot detector
This package is auto-updated.
Last update: 2025-11-24 03:42:33 UTC
README
Laravel Threat Blocker is a package to block threat requests to your Laravel application based on different rules.
Installation
You can install the package via composer:
composer require keepsuit/laravel-threat-blocker
You can publish the config file with:
php artisan vendor:publish --tag="laravel-threat-blocker-config"
This is the contents of the published config file:
    return [
        /**
         * This option enables or disables the Threat Blocker protection.
         */
        'enabled' => env('THREAT_BLOCKER_ENABLED', true),

        /**
         * Storage driver to use for caching detectors data.
         */
        'storage_driver' => env('THREAT_BLOCKER_STORAGE_DRIVER', 'cache'),

        'storage' => [
            'cache' => [
                'store' => env('THREAT_BLOCKER_CACHE_STORE', env('CACHE_STORE', 'file')),
                'prefix' => env('THREAT_BLOCKER_CACHE_PREFIX', 'threat_blocker'),
            ],
        ],

        /**
         * The following list of "detectors" will be used to identify threats.
         * You can enable or disable each detector individually and configure their settings.
         */
        'detectors' => [
            /**
             * Block requests coming from IPs listed in the AbuseIPDB database.
             */
            \Keepsuit\ThreatBlocker\Detectors\AbuseIpDetector::class => [
                'enabled' => env('THREAT_BLOCKER_ABUSE_IP_DETECTOR_ENABLED', true),
                // Source url for AbuseIP data, it can be a custom url or one of the predefined sources (provided by https://github.com/borestad/blocklist-abuseipdb)
                'source' => \Keepsuit\ThreatBlocker\Enums\AbuseIpSource::Days30->url(),
                'blacklist' => [
                    // These IPs will always be blocked by the AbuseIpDetector
                ],
                'whitelist' => [
                    // These IPs will never be blocked by the AbuseIpDetector
                    '127.0.0.1',
                ],
            ],

            /**
             * Block requests that contain form submissions with honeypot fields filled out.
             * This detector requires spatie/laravel-honeypot package to be installed and configured.
             */
            \Keepsuit\ThreatBlocker\Detectors\FormHoneypotDetector::class => [
                'enabled' => env('THREAT_BLOCKER_FORM_HONEYPOT_DETECTOR_ENABLED', true),
            ],
        ],
    ];
Usage
- Add the ProtectAgainstThreats middleware to routes you want to protect:
    use Keepsuit\ThreatBlocker\Middleware\ProtectAgainstThreats;

    Route::post('contact', [ContactController::class, 'submit'])->middleware(ProtectAgainstThreats::class);
- Run the update command to warm the detectors cache:
    php artisan threat-blocker:update
- Schedule the update command to run periodically (e.g., daily) using Laravel's task scheduling:
    $schedule->command('threat-blocker:update')->daily();
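The steps above wired into a Laravel 11/12 application skeleton, where scheduling is usually declared in bootstrap/app.php instead of a console kernel. This is an added example, not code from the package README; the 'threats' alias and the log message are assumptions chosen for illustration, and the routing paths are the framework defaults.

```php
<?php
// bootstrap/app.php (added example, not part of the package)

use Illuminate\Console\Scheduling\Schedule;
use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
use Illuminate\Support\Facades\Log;
use Keepsuit\ThreatBlocker\Middleware\ProtectAgainstThreats;

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        web: __DIR__.'/../routes/web.php',
        commands: __DIR__.'/../routes/console.php',
        health: '/up',
    )
    ->withMiddleware(function (Middleware $middleware) {
        // Hypothetical alias so route groups can opt in with ->middleware('threats')
        // instead of repeating the class name on every route.
        $middleware->alias([
            'threats' => ProtectAgainstThreats::class,
        ]);
    })
    ->withSchedule(function (Schedule $schedule) {
        // Refresh the detectors' cached data once a day.
        $schedule->command('threat-blocker:update')
            ->daily()
            // Do not start a second run while a slow download is still in progress.
            ->withoutOverlapping()
            // Surface a failed refresh: without this, the detectors keep serving
            // whatever data was cached last and nobody notices it has gone stale.
            ->onFailure(function () {
                Log::warning('threat-blocker:update failed; cached detector data may be stale');
            });
    })
    ->withExceptions(function (Exceptions $exceptions) {
        // Application exception handling is unchanged by this example.
    })
    ->create();
```

The schedule only fires if the server's cron entry runs php artisan schedule:run every minute; the first php artisan threat-blocker:update after deployment still has to be run by hand to warm the cache.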
Testing
composer test
Changelog
Please see CHANGELOG for more information on what has changed recently.
Credits
License
The MIT License (MIT). Please see License File for more information.