1. Go to this page and download the library: Download teikun-86/anti-spoof library. Choose the download type require.
2. Extract the ZIP file and open the index.php.
3. Add this code to the index.php.
<?php
require_once('vendor/autoload.php');
/* Start to develop here. Best regards https://php-download.com/ */
teikun-86 / anti-spoof example snippets
return [
/**
* List of trusted proxies.
* Requests coming from these IPs will not be checked for spoofing.
* This is useful for load balancers or reverse proxies that handle the real IP.
* You can specify IPs or CIDR ranges.
*/
'trusted_proxies' => [
// Example: '192.168.0.1', '10.0.0.1'
],
/**
* Determine if spoofing attempts should block access.
* If true, a 403 response will be returned when spoofing is detected.
* If false, spoofing attempts will be logged but not blocked.
*/
'block' => true,
/**
* Message to return when spoofing is detected and blocking is enabled.
* This message will be shown in the 403 response.
* You can customize it to provide more context or instructions to the user.
*/
'message' => 'Access denied.',
'user_agent' => [
/**
* Enable or disable user agent spoofing detection.
* If false, user agent checks will be skipped.
*/
'enabled' => true,
/**
* Allowed user agent patterns.
* If empty, all user agents are allowed except those in the 'blocked' list.
*/
'allowed' => [
// 'Mozilla/', 'Chrome/', 'Safari/', etc.
],
/**
* Block these patterns even if allowed list is empty.
* This pattern takes priority over the allowed list.
* If a user agent matches any of these patterns, it will be considered suspicious even if it is in the allowed list.
* You can add common bot or script user agents here to prevent them from accessing your application.
* Examples
// In app/Http/Kernel.php if you're using Laravel v10
protected $routeMiddleware = [
// ...
'anti-spoof' => \Teikun86\AntiSpoof\Http\Middleware\AntiSpoofingMiddleware::class,
];
// in bootstrap/app.php if you're using Laravel v11 or later.
return Application::configure(basePath: dirname(__DIR__))
// ...
->withMiddleware(function (Middleware $middleware): void {
$middleware->append(\Teikun86\AntiSpoof\Http\Middleware\AntiSpoofingMiddleware::class);
})
// ...
->create();
// In your routes/web.php or routes/api.php or other route files.
Route::middleware(['anti-spoof'])->group(function () {
// Your routes here
});
use Teikun86\AntiSpoof\Actions\DetectSpoofing;
public function someControllerMethod()
{
$spoofed = DetectSpoofing::run();
if ($spoofed) {
// Spoofing detected, handle accordingly
} else {
// No spoofing detected, proceed with the request
}
}
use Teikun86\AntiSpoof\AntiSpoof;
...
$antiSpoof = app(AntiSpoof::class);
if ($antiSpoof->isSpoofed()) {
// Handle spoofing
}
...
$spoofData = $antiSpoof->getSpoofData();
// $spoofData contains 'real_ip', 'forwarded_for', and 'user_agent
// You can log it, send an alert, or take any action you need
$realIp = $spoofData['real_ip'];
$forwardedFor = $spoofData['forwarded_for'];
$userAgent = $spoofData['user_agent'];
use Teikun86\AntiSpoof\Facades\AntiSpoof;
...
if (AntiSpoof::isSpoofed()) {
// Handle spoofing
}
$spoofData = AntiSpoof::getSpoofData();
// $spoofData contains 'real_ip', 'forwarded_for', and 'user_agent
// You can log it, send an alert, or take any action you need
$realIp = $spoofData['real_ip'];
$forwardedFor = $spoofData['forwarded_for'];
$userAgent = $spoofData['user_agent'];
use Teikun86\AntiSpoof\Events\SpoofAttemptDetected;
use Teikun86\AntiSpoof\Events\ShadyUserAgentDetected;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\ServiceProvider;
class EventServiceProvider extends ServiceProvider
{
protected $listen = [
SpoofAttemptDetected::class => [
// Handle spoofing attempts
App\Listeners\HandleSpoofAttempt::class,
],
ShadyUserAgentDetected::class => [
// Handle shady user agents
App\Listeners\HandleShadyUserAgent::class,
],
];
}
use Teikun86\AntiSpoof\Events\SpoofAttemptDetected;
use Teikun86\AntiSpoof\Events\ShadyUserAgentDetected;
use Illuminate\Support\Facades\Event;
...
Event::listen(SpoofAttemptDetected::class, function (SpoofAttemptDetected $event) {
// Handle spoofing attempt
// $event->realIp, $event->forwardedFor, $event->userAgent
});
Event::listen(ShadyUserAgentDetected::class, function (ShadyUserAgentDetected $event) {
// Handle shady user agent
// $event->userAgent
});