Cloudflare Laravel Request inherits the request object from Laravel and parses specific headers from Cloudflare to provide additional information about the request, including:
CfRequest::ip()- Original Client IP (Before it passes through any proxies)CfRequest::country()- Origin CountryCfRequest::timezone()- Origin TimezoneCfRequest::city()- Origin CityCfRequest::region()- Origin RegionCfRequest::postalCode()- Origin Postal CodeCfRequest::lat()- Origin LatitudeCfRequest::lon()- Origin LongitudeCfRequest::isBot()- If it's a botCfRequest::threatScore()- Threat Score from Cloudflare
The User-Agent is also parsed to provide additional information about the device, including:
CfRequest::deviceType()- Device Type (mobile, tablet, desktop, tv, etc)CfRequest::deviceBrand()- Device BrandCfRequest::deviceModel()- Device ModelCfRequest::os()- Device OSCfRequest::osVersion()- Device OS VersionCfRequest::browser()- Device BrowserCfRequest::browserVersion()- Device Browser Version
With this package, you can:
- Replace
Request $requestwithCfRequest $requestin your controller methods to access the additional methods. - Call the
CfRequestfacade anywhere in your application to access this information.
CF Request in action: Test your connection
public function register(CfRequest $request)
{
if ($request->isBot()) {
abort(403, 'Naughty bots');
}
if ($request->threatScore() > 50) {
abort(403, 'Thanks but no thanks');
}
$attributes = $request->validate([
'first_name' => 'required|string',
'last_name' => 'required|string',
//... etc
]);
//... etc
}date_default_timezone_set(CfRequest::timezone());
// Now carbon dates will be parsed for the user's timezonepublic function welcome()
{
if (CfRequest::country() === 'US') {
return view('welcome_us');
}
return view('welcome');
}public function welcome()
{
$loadVideo = true;
if (CfRequest::deviceType() === 'mobile') {
$loadVideo = false;
}
// etc
}- Laravel 10+
- Cloudflare as a proxy (though it will work without it and have no data on the CF-specific headers)
Add the package via composer:
composer require pdphilip/cf-requestThen install with:
php artisan cf-request:installOption 1: Via Cloudflare API
- Go to your Cloudflare dashboard
- Click on the domain you want to configure
- Copy the Zone ID
- Save in ENV as
CF_API_ZONE_ID
- Navigate to: https://dash.cloudflare.com/profile/api-tokens
- Click on "Create Token"
- Select: Create Custom Token (Get started)
- {Enter Token name}
- Permissions
- Account: Account Rulesets: Edit
- Zone: Transform Rules: Edit
- Account Resources
- Include: All Accounts
- Zone Resources
- Include: All Zones
- Create Token and Save in ENV as
CF_API_TOKEN
php artisan cf-request:headers
Option 2: Manually on Cloudflare
- Go to your Cloudflare dashboard
- Click on the domain you want to configure
- Click on the "Rules -> Transform Rules" menu
- Select "Modify Request Header" tab
- Click "Create a Rule"
- Name: "Laravel Headers:
- Select "All incoming requests"
- Set the following headers:
Set dynamic
X-AGENT
http.user_agent
Set dynamic
X-IP
ip.src
Set dynamic
X-COUNTRY
ip.src.country
Set dynamic
X-CONTINENT
ip.src.continent
Set dynamic
X-CITY
ip.src.city
Set dynamic
X-POSTAL-CODE
ip.src.postal_code
Set dynamic
X-REGION
ip.src.region
Set dynamic
X-TIMEZONE
ip.src.timezone.name
Set dynamic
X-LAT
ip.src.lat
Set dynamic
X-LON
ip.src.lon
Set dynamic
X-REFERER
http.referer
Set dynamic
X-IS-BOT
cf.client.bot
Set dynamic
X-THREAT-SCORE
cf.threat_score
All the standard Laravel request methods are available, with the following additional methods:
You can use the CfRequest facade or inject the CfRequest $request class into your controller methods.
- This package comes with a test route that will display the headers being parsed from Cloudflare.
- You can access this route by visiting
/cf-request/statuson your application. - You can disable this in the config file or by setting the
CF_ALLOW_STATUS_VIEWenvironment variable tofalse.
Please see CHANGELOG for more information on what has changed recently.
Please see CONTRIBUTING for details.
The MIT License (MIT). Please see License File for more information.