Reputation: 1172
Laravel API only accessible via vpn
We are building the API that will used by other application to read/write data on from our application.
E.g: www.example.com/getPayments/useid
The requirement: the above API should only be accessible via VPN so someone can't call it from the web.
So how can I make some routes in our application to only be accessible via VPN in Laravel .
Upvotes: 2
Views: 4375
Answers (1)
Reputation: 603
Writing some middleware to restrict access to certain routes based on the IP address of your visitor should work for you, so long as the IP address of the VPN has been included in the HTTP headers of the request or is available to PHP through another $_SERVER variable. You'll need to inspect the headers of the HTTP request that is sent to find the one that contains the IP address of your VPN, then use this within your middleware.
You could either write a lightweight middleware component to do this, or use an existing package to whitelist only the VPN's IP address for the routes that you want to protect.
Firewall is an existing Laravel service provider that can help you with this.
Upvotes: 3
Related Questions
- Laravel api bypass auth api for specific ip address
- Laravel API Request - “Unauthorized”
- Access public Laravel API only from certain server IP?
- Access Laravel site outside of network
- Accessing laravel on local without IP address
- Laravel on server with ip
- Laravel 5.4 Api Route 401
- How to set up Laravel 5.2 to connect to API
- Setting up a Laravel 4 app on a VPS
- Laravel Rest API not working on actual server