how to filtering HTTP requests using Middleware in laravel9

example-of-using-http-requests-filter-middleware-in-laravel-framework

How to filter request’s IP address

403 (Forbidden) status code due to refuses to authorize access this page

In Laravel, you can filter HTTP requests using middleware. Middleware are classes that can be used to filter HTTP requests entering your application.

You can create a new middleware class using the make:middleware command:

php artisan make:middleware ExampleFilter

This will create a new file in the app/Http/Middleware directory.

In this class, you can define a handle method that will receive the request and the next closure to be executed. Here is an example of how to filter out requests that do not have a specific header:

public function handle($request, Closure $next)
{
    if (!$request->hasHeader('example')) {
        return response('Forbidden', 403);
    }

    return $next($request);
}

You can then apply this middleware to specific routes or controllers using the middleware property or the middleware method:

Route::middleware(ExampleFilter::class)->group(function () {
    // routes that require the example header
});

class ExampleController extends Controller
{
    public function __construct()
    {
        $this->middleware(ExampleFilter::class);
    }
}

Alternatively you can use it globally in app/Http/Kernel.php by adding it to $middleware array

protected $middleware = [
    // ...
    ExampleFilter::class,
];

You can also use the except or only properties to specify which routes should not be affected by the middleware.

In the handle method of the middleware class, you can define the conditions that the request must meet in order to be passed to the controller. For example, you can use the Request facade to check the IP address of the request and block it if it’s from a certain range:

use Illuminate\Http\Request;

public function handle(Request $request, Closure $next)
{
    $ip = $request->ip();
    if (strpos($ip, '192.168.') === 0) {
        return response('Unauthorized.', 401);
    }
    return $next($request);
}

Register the middleware:
Next, you need to register the middleware in the app/Http/Kernel.php file. You can register it as a global middleware or a route middleware depending on your needs.

Apply the middleware:
Finally, you can apply the middleware to the routes or controllers that need it. For example, if you want to apply it to all routes, you can use the middleware method on the Route facade:

Route::middleware(RequestFilterMiddleware::class)->group(function () {
    Route::get('/', 'HomeController@index');
    Route::get('/about', 'HomeController@about');
});

In this example, the RequestFilterMiddleware will be applied to all routes in the group, and the filter conditions defined in the middleware will be checked before the request is passed to the controller. If the request’s IP address starts with “192.168.”, the request will be blocked and a 401 Unauthorized response will be returned.