Secure Laravel web application with IP Intelligence

Tram Ho

In this article, we will look at a simple way of using IP intelligence to detect unwanted connections and protect an application against unsafe requests.

What is IP Intelligence

When most people hear "IP intelligence", they think of locating users from their IP address. But it does not stop there. IP intelligence can be used for many things. For example:

  • Personalized content.
  • Fraud prevention.
  • Look up time zone.
  • Redirecting language …

These are just a few of the useful applications of IP intelligence.

Building a service that can do all the things listed above can take a lot of time and resources. So in this article I will use an external service, IPAPI.

Getting Started

We will build this as a middleware for the application, meaning that every request to the application passes through this filter, which denies clients suspected of being malicious.

Create a Laravel project

We will run the command to create a new Laravel project.

After the command runs, you will see a secret key in this format: 86ebc30b4adfc508e48bf1b489140fe3. You need to add it to the .env file.

Next you need to open the config/services.php file and add the following value:

You need to install the GuzzleHttp package, which will be used to make requests to IPAPI's server.

You can then build the middleware.

Making a Request to IPAPI’s Server

IPAPI provides two endpoints for us to use.

  • api.ipapi.com/api/<ip>, where we provide the IP we want to check.
  • api.ipapi.com/check, which guesses the IP address of the incoming request and returns a response (best suited to requests from the browser).

We are interested in the first one, because using the second would return the IP of our server instead of that of the incoming request. With the first, we can capture the user's IP and forward it to IPAPI.

We will create a request like:

The response will look like this:

We can see that IPAPI does a lot of work for us. However, for the scope of this article we only care about the security section of the response.

Creating Our Middleware

Middleware is the mechanism that sits between an incoming request and your application. You can find out more about middleware on the Laravel homepage.

Now we will move to the root of the application and run

After running it, the file app/Http/Middlewares/IPFirewall.php will be created with the following content:

So to protect the server we can do this:

From the code above, note the following:

  • We first get the user's IP address.
  • Then we build our request and send it to IPAPI.
  • When we receive a response from IPAPI, we check whether the security section exists in the response.
  • Then, if the reported threat level is high, we restrict the user's access.

Improving for Performance

The solution above is not the best implementation, because every request coming to our application is slowed down by a call to IPAPI. Laravel has a cache class, and we can use it to our advantage.
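As an added example (not code from the original article), this is one way to write the cached check as a middleware. The `services.ipapi.key` config key, the `https` scheme, the `security=1` parameter, the `security.threat_level` field, the one-hour cache lifetime, the fail-open choice and the use of Laravel's default `App\Http\Middleware` namespace are assumptions; check the API details against the IPAPI documentation.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use GuzzleHttp\Client;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Log;

class IPFirewall
{
    public function handle(Request $request, Closure $next)
    {
        // Behind a proxy this is the client address only if trusted proxies are configured.
        $ip = $request->ip();

        // Private/reserved addresses have no reputation data; skip the lookup.
        if (! filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
            return $next($request);
        }

        try {
            // A throw leaves the closure before anything is stored, so failures are never cached.
            $blocked = Cache::remember("ipfirewall:$ip", now()->addHour(), function () use ($ip) {
                $client = new Client(['timeout' => 2, 'connect_timeout' => 1]);
                // Scheme assumed; the article gives only host and path.
                $response = $client->request('GET', "https://api.ipapi.com/api/$ip", [
                    'query' => [
                        'access_key' => config('services.ipapi.key'), // assumed config key
                        'security'   => 1, // assumed parameter requesting security data
                    ],
                ]);
                $data = json_decode((string) $response->getBody(), true);
                if (! isset($data['security']['threat_level'])) { // assumed field name
                    throw new \UnexpectedValueException('no security data in response');
                }
                return $data['security']['threat_level'] === 'high';
            });
        } catch (\Throwable $e) {
            // Fail open, and log only the exception class: Guzzle messages
            // can contain the request URL, which carries the access key.
            Log::warning('IP reputation lookup failed', ['ip' => $ip, 'type' => get_class($e)]);
            $blocked = false;
        }

        abort_if($blocked, 403);
        return $next($request);
    }
}
```

Failing open keeps the site reachable during an IPAPI outage; where blocking matters more than availability, set `$blocked = true` in the catch branch instead.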

Calling Cache::remember() tells Laravel to fetch a value from the cache; if it doesn't exist, Laravel runs the closure and stores the closure's return value in the cache. Using the IP address as the unique key, Laravel will first try to fetch the state for that IP. If the request is considered unsafe, Laravel cancels it. Otherwise, the request is allowed through, and we only need to perform the check once for each IP address.

References:

https://ipapi.com/documentation

https://scotch.io/tutorials/understanding-laravel-middleware

https://scotch.io/tutorials/protecting-laravel-sites-with-ip-intelligence

That concludes my article. See you again in the next one.

Source : Viblo