PHP code example of teikun-86 / anti-spoof

1. Go to this page and download the library: Download teikun-86/anti-spoof library. Choose the download type require.

2. Extract the ZIP file and open the index.php.

3. Add this code to the index.php.
    
        
<?php
require_once('vendor/autoload.php');

/* Start to develop here. Best regards https://php-download.com/ */

    

teikun-86 / anti-spoof example snippets




return [
    /**
     * List of trusted proxies.
     * Requests coming from these IPs will not be checked for spoofing.
     * This is useful for load balancers or reverse proxies that handle the real IP.
     * You can specify IPs or CIDR ranges.
     */
    'trusted_proxies' => [
        // Example: '192.168.0.1', '10.0.0.1'
    ],

    /**
     * Determine if spoofing attempts should block access.
     * If true, a 403 response will be returned when spoofing is detected.
     * If false, spoofing attempts will be logged but not blocked.
     */
    'block' => true,

    /**
     * Message to return when spoofing is detected and blocking is enabled.
     * This message will be shown in the 403 response.
     * You can customize it to provide more context or instructions to the user.
     */
    'message' => 'Access denied.',

    'user_agent' => [
        /**
         * Enable or disable user agent spoofing detection.
         * If false, user agent checks will be skipped.
         */
        'enabled' => true,

        /**
         * Allowed user agent patterns.
         * If empty, all user agents are allowed except those in the 'blocked' list.
         */
        'allowed' => [
            // 'Mozilla/', 'Chrome/', 'Safari/', etc.
        ],

        /**
         * Block these patterns even if allowed list is empty.
         * This pattern takes priority over the allowed list.
         * If a user agent matches any of these patterns, it will be considered suspicious even if it is in the allowed list.
         * You can add common bot or script user agents here to prevent them from accessing your application.
         * Examples 

// In app/Http/Kernel.php if you're using Laravel v10
protected $routeMiddleware = [
    // ...
    'anti-spoof' => \Teikun86\AntiSpoof\Http\Middleware\AntiSpoofingMiddleware::class,
];

// in bootstrap/app.php if you're using Laravel v11 or later.
return Application::configure(basePath: dirname(__DIR__))
    // ...
    ->withMiddleware(function (Middleware $middleware): void {
        $middleware->append(\Teikun86\AntiSpoof\Http\Middleware\AntiSpoofingMiddleware::class);
    })
    // ...
    ->create();

// In your routes/web.php or routes/api.php or other route files.
Route::middleware(['anti-spoof'])->group(function () {
    // Your routes here
});

use Teikun86\AntiSpoof\Actions\DetectSpoofing;

public function someControllerMethod()
{
    $spoofed = DetectSpoofing::run();
    
    if ($spoofed) {
        // Spoofing detected, handle accordingly
    } else {
        // No spoofing detected, proceed with the request
    }
}

use Teikun86\AntiSpoof\AntiSpoof;

...
$antiSpoof = app(AntiSpoof::class);
if ($antiSpoof->isSpoofed()) {
    // Handle spoofing
}
...

$spoofData = $antiSpoof->getSpoofData();
// $spoofData contains 'real_ip', 'forwarded_for', and 'user_agent
// You can log it, send an alert, or take any action you need

$realIp = $spoofData['real_ip'];
$forwardedFor = $spoofData['forwarded_for'];
$userAgent = $spoofData['user_agent'];

use Teikun86\AntiSpoof\Facades\AntiSpoof;
...
if (AntiSpoof::isSpoofed()) {
    // Handle spoofing
}
$spoofData = AntiSpoof::getSpoofData();
// $spoofData contains 'real_ip', 'forwarded_for', and 'user_agent
// You can log it, send an alert, or take any action you need
$realIp = $spoofData['real_ip'];
$forwardedFor = $spoofData['forwarded_for'];
$userAgent = $spoofData['user_agent'];

use Teikun86\AntiSpoof\Events\SpoofAttemptDetected;
use Teikun86\AntiSpoof\Events\ShadyUserAgentDetected;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\ServiceProvider;

class EventServiceProvider extends ServiceProvider
{
    protected $listen = [
        SpoofAttemptDetected::class => [
            // Handle spoofing attempts
            App\Listeners\HandleSpoofAttempt::class,
        ],
        ShadyUserAgentDetected::class => [
            // Handle shady user agents
            App\Listeners\HandleShadyUserAgent::class,
        ],
    ];
}

use Teikun86\AntiSpoof\Events\SpoofAttemptDetected;
use Teikun86\AntiSpoof\Events\ShadyUserAgentDetected;
use Illuminate\Support\Facades\Event;

...

Event::listen(SpoofAttemptDetected::class, function (SpoofAttemptDetected $event) {
    // Handle spoofing attempt
    // $event->realIp, $event->forwardedFor, $event->userAgent
});
Event::listen(ShadyUserAgentDetected::class, function (ShadyUserAgentDetected $event) {
    // Handle shady user agent
    // $event->userAgent
});
bash
php artisan vendor:publish --tag=anti-spoof-config
bash
php artisan vendor:publish --tag=anti-spoof-tests
bash
php artisan test