konsulting / laravel-blockade by konsulting

A simple block for your Laravel app to prevent access without a known code, and to force to https if you wish.
838
1
2
Github Link
Packagist Link
Package Data
Maintainer Username: konsulting
Maintainer Contact: keoghan@klever.co.uk (Keoghan Litchfield)
Package Create Date: 2017-03-16
Package Last Update: 2025-07-10
Language: PHP
License: MIT
Last Refreshed: 2025-11-07 15:06:25
Package Statistics
Total Downloads: 838
Monthly Downloads: 1
Daily Downloads: 0
Total Stars: 1
Total Watchers: 2
Total Forks: 0
Total Open Issues: 1

Blockade

A simple block for your Laravel app to prevent access without a known code, and to force to https if you wish.*

Installation

  • Install Blockade using composer: composer require konsulting/laravel-blockade

  • If you are using Laravel 5.5, the package will make the service provider available for auto-discovery. If you are using an earlier version of Laravel, add Blockade's Service Provider to config/app.php

'providers' => [
    // Other service providers...

    Konsulting\Laravel\Blockade\BlockadeServiceProvider::class,
],
  • Add the middleware to your app/Http/Kernel.php 
protected $middlewareGroups = [
        'web' => [
            ... Other middleware
            \Konsulting\Laravel\Blockade\IsBlocked::class,
            \Konsulting\Laravel\Blockade\ForceSecure::class,
        ],
        ... Other middleware groups
    ];

Only add the middleware you want to use.

  • Publish configuration and adjust for your site php artisan vendor:publish --provider=Konsulting\Laravel\Blockade\BlockadeServiceProvider --tag=config

  • Optionally publish views and adjust for your site php artisan vendor:publish --provider=Konsulting\Laravel\Blockade\BlockadeServiceProvider --tag=views

Configuration Options

There is a small set of configuration options. See the blockade.php config file for more information.

key - the variable name for the 'unlock code' to be used when checking is the site is blocked.

code - the code that allows access, it can be set using the environment variable BLOCKADE_CODE in the .env file

multiple_codes - whether or not to allow multiple codes to be used (specified as a comma-delimited list). Defaults to false

show_form - should Blockade show a form for the user to enter the code? defaults to false

not_blocked - an array of url patterns that should not be blocked

not_secure - an array of url patterns that should not be forced to https

Security

If you find any security issues, or have any concerns, please email keoghan@klever.co.uk, rather than using the issue tracker.

Contributing

Contributions are welcome and will be fully credited. We will accept contributions by Pull Request.

Please:

  • Use the PSR-2 Coding Standard
  • Add tests, if you’re not sure how, please ask.
  • Document changes in behaviour, including readme.md.

Testing

We use PHPUnit and the excellent orchestral/testbench

Run tests using PHPUnit: vendor/bin/phpunit