Download the PHP package yorcreative/laravel-urlshortener without Composer
On this page you can find all versions of the php package yorcreative/laravel-urlshortener. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download yorcreative/laravel-urlshortener
More information about yorcreative/laravel-urlshortener
Files in yorcreative/laravel-urlshortener
Package laravel-urlshortener
Short Description A laravel url shortener package that provides internal url redirects with passwords, url expirations, open limits before expiration and click tracking out of the box.
License MIT
Informations about the package laravel-urlshortener
Laravel URL Shortener
A Laravel URL Shortener package that provides URL redirects with optionally protected URL password, URL expiration, open limits before expiration, ability to set feature activation dates, click tracking, custom vanity identifiers, event dispatching, and soft delete/restore out of the box for your Laravel applications.
Requirements
- PHP 8.1+ (PHP 8.3+ when using Laravel 13)
- Laravel 10.x, 11.x, 12.x, or 13.x
Installation
install the package via composer:
Publish the packages assets.
You can also publish assets by tag.
Run migrations.
Upgrade Guides
Usage
Building Short Urls
Finding Existing Short Urls
Deleting & Restoring Short Urls
Getting Click Information
Getting Click Information and Filtering on Ownership
Filter on Outcome
Filter on the Click's YorShortUrl Status
Filtered on YorShortUrl Identifier(s)
Filtered Clicks by UTM parameter(s). These Can be filtered together or individually.
Iterate Through Results With Batches
Putting it all Together
UTM Support
When creating a Short URL, the following UTM parameters are available to attach to the Short URL for advanced tracking of your Short Urls.
- utm_id
- utm_campaign
- utm_source
- utm_medium
- utm_content
- utm_term
UTM information is hidden in the Short URL identifier and clicks are filterable by UTM parameters.
Events
The package dispatches events that you can listen to in your application:
| Event | Dispatched When | Payload |
|---|---|---|
ShortUrlCreated |
A new short URL is built | ShortUrl $shortUrl, string $builtUrl |
ShortUrlClicked |
A short URL is clicked | string $identifier, int $outcomeId, string $requestIp, ?string $domain |
ShortUrlExpired |
An expired short URL is accessed | ShortUrl $shortUrl, string $identifier, ?string $domain |
Multi-Domain Support
v3 introduces multi-domain support, allowing you to host short URLs on multiple domains with per-domain configuration.
Enabling Multi-Domain
Set the environment variable or update your config:
Configuration
Building Short URLs for Specific Domains
Domain-Aware Lookups
Same Identifier on Different Domains
With multi-domain enabled, the same identifier can exist on different domains pointing to different URLs:
Security Features
URL Validation
v3 includes built-in URL validation to prevent open redirect and SSRF attacks. This is disabled by default for backwards compatibility, but recommended for new installations.
Protected against:
javascript:protocol (XSS)data:protocol (XSS)file:protocol (local file access)- Private IP ranges (SSRF)
- Cloud metadata endpoints (SSRF)
- Localhost redirects
When DNS private IP checks are enabled, hostnames are resolved during URL creation and any private or reserved resolved IP is rejected. DNS lookup failures or hosts with no IP records are allowed, so add known internal hostnames to blocked_hosts when they should always be rejected.
Rate Limiting for Password-Protected URLs
Brute-force protection is automatically enabled for password-protected short URLs:
After exceeding the maximum attempts, users receive a 429 Too Many Requests response with a Retry-After header.
Environment Variables
| Variable | Default | Description |
|---|---|---|
URL_SHORTENER_MULTI_DOMAIN |
false |
Enable multi-domain support |
URL_SHORTENER_DEFAULT_DOMAIN |
APP_URL |
Default domain for short URLs |
URL_SHORTENER_RESOLUTION_STRATEGY |
host |
How to resolve domain from request |
URL_SHORTENER_VALIDATE_DOMAIN |
true |
Validate requests against configured domains |
URL_SHORTENER_DOMAINS_DATABASE |
false |
Store domain config in database |
URL_SHORTENER_VALIDATE_URLS |
false |
Enable URL validation (recommended) |
URL_SHORTENER_BLOCK_PRIVATE_IPS |
true |
Block private/internal IPs |
URL_SHORTENER_RESOLVE_DNS_PRIVATE_IPS |
true |
Resolve hostnames and block private/reserved IP results |
URL_SHORTENER_BLOCK_METADATA |
true |
Block cloud metadata endpoints |
URL_SHORTENER_PASSWORD_MAX_ATTEMPTS |
5 |
Max password attempts before rate limit |
URL_SHORTENER_PASSWORD_DECAY_MINUTES |
1 |
Minutes until rate limit resets |
Testing
Credits
- Yorda
- All Contributors
All versions of laravel-urlshortener with dependencies
illuminate/contracts Version ^10.0|^11.0|^12.0|^13.0
stevebauman/location Version ^7.0