Web ortam\u0131ndaki uygulamalar\u0131m\u0131z\u0131 kullanan k\u00f6t\u00fc niyetli kullan\u0131c\u0131lar bulunabilir. Bu kullan\u0131c\u0131lar ya ba\u015fka ziyaret\u00e7ileri rahats\u0131z edebilir ya da formlar\u0131m\u0131z\u0131 kullanarak(SQL injection gibi…) uygulamay\u0131 \u00e7\u00f6kertmek isteyebilir. Bu gibi ziyaret\u00e7ilerin iplerini tespit ederek iplerini uygulama seviyesinde engelleyebiliriz. Bu yaz\u0131da Laravel 8′ de k\u00f6t\u00fc niyetli kullan\u0131c\u0131lar\u0131n ip’ leri kara listeye al\u0131narak nas\u0131l engellenece\u011fini anlataca\u011f\u0131m.<\/p>\n\n\n\n
\u0130lk \u00f6nce kullan\u0131c\u0131lar\u0131n uygulamam\u0131za giri\u015f yapt\u0131klar\u0131 andaki zaman bilgilerini ve iplerini veritaban\u0131<\/strong>na kaydedece\u011fiz. Laravelin User model<\/strong>i ba\u015flang\u0131\u00e7ta bu alanlara sahip olmad\u0131\u011f\u0131 i\u00e7in bu alanlar\u0131 User tablosuna biz ekleyece\u011fiz. Bunun i\u00e7in ilk \u00f6nce migration dosyalar\u0131n\u0131 olu\u015fturaca\u011f\u0131z. Laravel’ de a\u015fa\u011f\u0131daki komutu \u00e7al\u0131\u015ft\u0131rarak migration dosyas\u0131n\u0131 olu\u015fturuyoruz.<\/p>\n\n\n\n Migration dosyas\u0131na last_login_at<\/strong> ve last_login_ip<\/strong> alanlar\u0131n\u0131 ekleyip app\\Models\\User.php <\/strong>model php dosyas\u0131nda veritaban\u0131na ekledi\u011fimiz alanlar\u0131 tan\u0131ml\u0131yoruz.<\/p>\n\n\n\n Son ad\u0131mda kullan\u0131c\u0131 web uygulamam\u0131za giri\u015f yapt\u0131\u011f\u0131ndaki ipsini ve giri\u015f zaman\u0131n\u0131 kaydetmek i\u00e7in LoginController<\/strong>‘ daki authenticated<\/strong> metodunu override ediyoruz. <\/p>\n\n\n\n app\/Http\/Controllers\/Auth\/LoginController.php<\/strong> <\/p>\n\n\n\n Daha sonra engellenecek iplerin tutulaca\u011f\u0131 blocked_ips<\/strong> tablosunu olu\u015fturaca\u011f\u0131z. Bunun i\u00e7in Daha sonra Bu tablonun CRUD(create, read, update and delete) i\u015flemleri i\u00e7in routes\/web.php<\/strong> dosyas\u0131nda route’ lar\u0131 tan\u0131ml\u0131yoruz.<\/p>\n\n\n\n Controller’ \u0131m\u0131zda olu\u015fturdu\u011fumuz metodlar\u0131 olu\u015fturduktan sonra view <\/strong>dosyalar\u0131m\u0131z\u0131 olu\u015fturuyoruz.<\/p>\n\n\n\n blocked_ips.blade.php<\/strong> dosyam\u0131zda ip’ leri listeliyoruz.<\/p>\n\n\n\n add_blocked_ip.blade.php<\/strong> dosyam\u0131zdaki form ile engellemek istedi\u011fimiz ipyi kara listeye al\u0131yoruz.<\/p>\n\n\n\n \u015eimdi veri taban\u0131nda ipsini tespit etti\u011fimiz kullan\u0131c\u0131n\u0131n uygulamaya giri\u015fini engellemek i\u00e7in middleware <\/strong>olu\u015fturaca\u011f\u0131z. Bunun i\u00e7in terminal ekran\u0131nda Kernel.php<\/strong> dosyas\u0131ndaki $middleware<\/strong> arrayine her requestte \u00e7al\u0131\u015fmas\u0131 i\u00e7in RestrictIpAddressMiddleware middleware ‘i ekliyoruz.<\/p>\n\n\n\n RestrictIpAddressMiddleware.php<\/strong><\/p>\n\n\n\n middleware’ imizin handle<\/strong> metodunu a\u015fa\u011f\u0131daki gibi d\u00fczenleyerek istenmeyen kullan\u0131c\u0131lar\u0131n uygulamam\u0131z\u0131 kullanmas\u0131n\u0131 engelliyoruz.<\/p>\n\n\n\n Art\u0131k istenmeyen kullan\u0131c\u0131lar\u0131n iplerini tespit ederek uygulamam\u0131zdan uzak tutabiliriz.<\/p>\n\n\n\n Ba\u015far\u0131lar …<\/p>\n","protected":false},"excerpt":{"rendered":" Web ortam\u0131ndaki uygulamalar\u0131m\u0131z\u0131 kullanan k\u00f6t\u00fc niyetli kullan\u0131c\u0131lar bulunabilir. Bu kullan\u0131c\u0131lar ya ba\u015fka ziyaret\u00e7ileri rahats\u0131z edebilir ya da formlar\u0131m\u0131z\u0131 kullanarak(SQL injection gibi…) uygulamay\u0131 \u00e7\u00f6kertmek isteyebilir. Bu gibi ziyaret\u00e7ilerin iplerini tespit ederek iplerini uygulama seviyesinde engelleyebiliriz. Bu yaz\u0131da Laravel 8′ de k\u00f6t\u00fc niyetli kullan\u0131c\u0131lar\u0131n ip’ leri kara listeye al\u0131narak nas\u0131l engellenece\u011fini anlataca\u011f\u0131m. User Tablosuna last_login_at ve last_login_ip […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[68,28],"tags":[],"yoast_head":"\nphp artisan make:migration add_login_fields_to_users_table<\/code><\/p>\n\n\n\nclass AddLoginFieldsToUsersTable extends Migration\n{\n \/**\n * Run the migrations.\n *\n * @return void\n *\/\n public function up()\n {\n Schema::table('users', function (Blueprint $table) {\n $table->datetime('last_login_at')->nullable();\n $table->string('last_login_ip')->nullable();\n });\n }\n}<\/pre><\/div>\n\n\n\nphp artisan migrate<\/code> komutunu terminalde \u00e7al\u0131\u015ft\u0131r\u0131yoruz.<\/p>\n\n\n\nclass User extends Authenticatable\n{\n protected $fillable = [\n 'name',\n 'email',\n 'password',\n \t'last_login_at', \n \t'last_login_ip',\n ];<\/pre><\/div>\n\n\n\nfunction authenticated(Request $request, $user)\n{\n $user->update([\n 'last_login_at' => Carbon::now()->toDateTimeString(),\n 'last_login_ip' => $request->getClientIp()\n ]);\n}<\/pre><\/div>\n\n\n\nblocked_ips Tablosu <\/h3>\n\n\n\n
php artisan make:migration create_blocked_ips_table<\/code> migration dosyas\u0131n\u0131 olu\u015fturup i\u00e7ine ip alan\u0131n\u0131 tan\u0131ml\u0131yoruz.<\/p>\n\n\n\nclass CreateBlockedIpsTable extends Migration\n{\n public function up()\n {\n Schema::create('blocked_ips', function (Blueprint $table) {\n $table->id();\n $table->string('ip')->nullable();\n $table->timestamps();\n });\n }<\/pre><\/div>\n\n\n\nphp artisan migrate<\/code> diyerek tablomuzu olu\u015fturuyoruz.<\/p>\n\n\n\nphp artisan make:model BlockedIp<\/code> ad\u0131nda modelimizi olu\u015fturuyoruz.<\/p>\n\n\n\nclass BlockedIps extends Controller\n{\n protected $fillable = [\n 'ip'\n ];\n}<\/pre><\/div>\n\n\n\n\t\tRoute::get('blocked_ips', 'BlockedIpsController@getAll')->name('dashboard.blocked_ips');\n\t\tRoute::get('blocked_ips', 'BlockedIpsController@create')->name('dashboard.create_blocked_ip');;\n\t\tRoute::post('blocked_ips', 'BlockedIpsController@store')->name('dashboard.store_blocked_ip');;\n\t\tRoute::delete('blocked_ips\/{id}', 'BlockedIpsController@delete')->name('dashboard.delete_blocked_ip');;<\/pre><\/div>\n\n\n\nphp artisan make:controller BlockedIps<\/code> komutu ile controller’ \u0131m\u0131z\u0131 olu\u015fturuyoruz. \u0130\u00e7ine kullanaca\u011f\u0131m\u0131z metodlar\u0131 yaz\u0131yoruz.<\/p>\n\n\n\n<?php\nnamespace App\\Http\\Controllers;\n\nuse Illuminate\\Http\\Request;\nuse Illuminate\\Support\\Facades\\Log;\n\nclass BlockedIpsController extends Controller\n{\n public function getAll(Request $request){\n \ttry{\n $blocked_ips = \\App\\BlockedIp::get();\n }catch(\\Exception $e){\n Log::error('Error when fetching blocked ips' . $e->getMessage());\n }\n return view('blocked_ips', $blocked_ips);\n }\n \n \tpublic function create(Request $request){\n return view('create_blocked_ip');\n }\n\n public function store(Request $request){\n $params = $request->all();\n \n try{\n $blocked_ip = new \\App\\BlockedIps();\n $blocked_ip->fill($params);\n $blocked_ip->save();\n }catch(\\Exception $e) {\n Log::error('Admin: new blocked ip error : ' . $e->getMessage());\n }\n return redirect()->route('dashboard.blocked_ips');\n }\n\n public function delete(Request $request, $id){\n \t$blocked_ip = \\App\\BlockedIp::find($id);\n \t\ttry{\n $blocked_ip->delete();\n }catch(\\Exception $e){\n Log::error('Admin: delete blocked ip error : ' . $e->getMessage());\n }\n return redirect()->route('dashboard.blocked_ips');\n }\n}<\/pre><\/div>\n\n\n\n<h2>Engellenen IP listesi<\/h2>\n <a href="{{route('dashboard.create_blocked_ip')}}" class="btn btn-success" style="float: right;">Ip Ekle<\/a>\n <table class="table table-hover">\n <thead>\n <tr>\n <th>IP<\/th>\n <th><\/th>\n <\/tr>\n <\/thead>\n <tbody>\n @for($blocked_ips as $blocked_ip)\n <tr>\n <td>{{$blocked_ip->ip}}<\/td>\n <td><a href="{{route('dashboard.delete_blocked_ip', ['id' => $blocked_ip->id])}}" class="btn btn-danger delete-button">Sil<\/a><\/td>\n <\/tr>\n @endfor\n\t\t<\/tbody>\n\t<\/table><\/pre><\/div>\n\n\n\n<form action="" method="post" action="{{ route('dashboard.store_blocked_ip') }}">\n <!-- CROSS Site Request Forgery Protection -->\n @csrf\n <div class="form-group">\n \t<label>Ip<\/label>\n \t<input type="text" name="ip" required="required" class="form-control" placeholder="___.___.___.___">\n <\/div>\n <button type="submit" value="Submit" class="btn btn-dark btn-block">Kaydet<\/button>\n<\/form><\/pre><\/div>\n\n\n\nRestrictIpMiddleware<\/h3>\n\n\n\n
php artisan make:middleware RestrictIpMiddleware<\/code> komutunu \u00e7al\u0131\u015ft\u0131r\u0131yoruz.<\/p>\n\n\n\nprotected $middleware = [\n \\App\\Http\\Middleware\\TrustProxies::class,\n \\Fruitcake\\Cors\\HandleCors::class,\n \\App\\Http\\Middleware\\PreventRequestsDuringMaintenance::class,\n \\Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize::class,\n \\App\\Http\\Middleware\\TrimStrings::class,\n \\Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull::class,\n \t\\App\\Http\\Middleware\\RestrictIpAddressMiddleware::class,\n ];<\/pre><\/div>\n\n\n\n
<?php\n\nnamespace App\\Http\\Middleware;\n\nuse Closure;\n\nclass RestrictIpAddressMiddleware\n{\n\n \/\/ Blocked IP addresses\n public $restrictedIp = [];\n \n public function restrictedIp(){\n $this->restrictedIp = \\App\\BlockedIps::get();\n }\n \n \/**\n * Handle an incoming request.\n *\n * @param \\Illuminate\\Http\\Request $request\n * @param \\Closure $next\n * @return mixed\n *\/\n public function handle($request, Closure $next)\n {\n $this->restrictedIp();\n if (in_array($request->ip(), $this->restrictedIp->pluck('ip')->toArray())) {\n return response()->json(['message' => "You are not allowed to access this site."]);\n }\n return $next($request);\n }\n}\n<\/pre><\/div>\n\n\n\n