Lock IP in Laravel debug mode

by Devin Yang
(This article was automatically translated.)

Published - 1 year ago ( Updated - 1 year ago )

Laravel's debugging mode is quite rich. Laravel's official website has a reminder that you can set APP_DEBUG to true for local development, but in the production environment, this value must always be False.

Although you can use php artisan down The way to enter the maintenance mode, plus the secret can be accessed. 

artisan down --secret=NWQwODZhNTM0ODY5Zjc1MDdkMWI4NzIy

Then use the URL to open and add the set secret
https://yourserver.example/NWQwODZhNTM0ODY5Zjc1MDdkMWI4NzIy

But if you are developing something, you need an external network environment, such as a BOT webhook, How to tell it🥺, at least you must be able to lock an external network IP.
My current approach is to adjust config/app.php, so that I can decide whether to start the DEBUG mode through the external network. 

/*
    |--------------------------------------------------------------------------
    | Application Debug Mode
    |--------------------------------------------------------------------------
    |
    | When your application is in debug mode, detailed error messages with
    | stack traces will be shown on every error that occurs within your
    | application. If disabled, a simple generic error page is shown.
    |
    */

    //'debug' => (bool) env('APP_DEBUG', false),
   'debug' => env('APP_DEBUG', ($_SERVER[env("PROXY_REAL_IP","REMOTE_ADDR")]??"null") == env('APP_CAN_DEBUG','') ? true : false),

In the above setting, we can change the APP_DEBUG of .env to APP_CAN_DEBUG=my external network IP.
If necessary, add PROXY_REAL_IP to define the real IP that the host or container can obtain.

In this way, as long as you need to make relevant settings in .env, you can enter Debug mode with peace of mind.
When not in use, adjust APP_CAN_DEBUG in .env to false to lock it. 

#APP_CAN_DEBUG=false
PROXY_REAL_IP=HTTP_X_REAL_IP
APP_CAN_DEBUG=111.248.117.140

PROXY_REAL_IP is used to set the real IP of the Proxy in the header, which can be set according to your own environment.
Like HTTP_X_FORWARDED_FOR or HTTP_X_REAL_IP etc.
 

We can write a simple Route and use phpinfo to check our external network IP and the header name of $_SERVER to confirm whether there is any setting error. 

Route::get('/myphpinfo', function(){
    phpinfo();
});

Tags: laravel Laravel security

Devin Yang

Feel free to ask me, if you don't get it.:)

Follow

No Comment

Post your comment

Login is required to leave comments

Similar Stories


城堡
laravel

Random passwords in Laravel maintenance mode

The functions mentioned in this article can only be used for Laravel 8 and later versions. If we have some test websites outside Laravel with external IPs, but we only want to access them for ourselves. Here's how I did it for reference

城堡
laravel

Facebook test user

Is there anyone who uses OAuth for website user login like me? There is a "test user" on the Facebook developer page. It can be used to test whether the function of Facebook is normal, Because when the website moved to Google’s GCE, for some reason, I actually posted one more in the $fillable array of Laravel’s User model~, Normally the program works fine, but when a new user logs in, an error is shown to you. I keep hearing people say that I can't log in to this website to leave a message. I want to say that I am very normal. @@ After using the test user test today, ha, I found that the login function on my website has been broken for a long time.

城堡
dlaravel

Use docker in docker to build a D-Laravel test environment.

D-Laravel is an extremely easy-to-use and extremely flexible Laravel development environment. As long as you are a Mac user, even if you don’t know Docker, you can use it to create Laravel projects and develop them. Due to the newly added .env function When it comes to functions, those who are in a hurry push, but there is no complete test, and a bunch of new bugs are created. Therefore, this time, a new dlaravel_test, a bash testing tool, is added to run the test through docker in docker. Make sure that every release of D-Laravel can be a stable version.