Cloudflare Laravel Request

Cloudflare Laravel Request inherits the request object from Laravel and parses specific headers from Cloudflare to provide additional information about the request, including:

• CfRequest::ip() - Original Client IP (Before it passes through any proxies)
• CfRequest::country() - Origin Country
• CfRequest::timezone() - Origin Timezone
• CfRequest::city() - Origin City
• CfRequest::region() - Origin Region
• CfRequest::postalCode() - Origin Postal Code
• CfRequest::lat() - Origin Latitude
• CfRequest::lon() - Origin Longitude
• CfRequest::isBot() - If it's a bot
• CfRequest::asn() - Autonomous System (AS) number associated with the client IP address
• CfRequest::lang() - Browser's primary accepted language

The User-Agent is also parsed to provide additional information about the device, including:

• CfRequest::deviceType() - Device Type (mobile, tablet, desktop, tv, etc)
• CfRequest::deviceBrand() - Device Brand
• CfRequest::deviceModel() - Device Model
• CfRequest::os() - Device OS
• CfRequest::osVersion() - Device OS Version
• CfRequest::browser() - Device Browser
• CfRequest::browserVersion() - Device Browser Version

With this package, you can:

• Replace Request $request with CfRequest $request in your controller methods to access the additional methods.
• Call the CfRequest facade anywhere in your application to access this information.

CF Request in action: Test your connection

Highlights

Lean into Cloudflare's Security

public function register(CfRequest $request)
{
    if ($request->isBot()) {
        abort(403, 'Naughty bots');
    }
 
    $attributes = $request->validate([
        'first_name' => 'required|string',
        'last_name' => 'required|string',
        //... etc
    ]);
   //... etc
}

Set the timezone based on the origin

date_default_timezone_set(CfRequest::timezone());
// Now carbon dates will be parsed for the user's timezone

Apply logic based on the user's country

public function welcome()
{
   if (CfRequest::country() === 'US') {
         return view('welcome_us');
   }
   return view('welcome');
}

Apply logic based on device type

public function welcome()
{
    $loadVideo = true;
    if (CfRequest::deviceType() === 'mobile') {
        $loadVideo = false;
    }
    // etc
}

Requirements

• Laravel 10+
• Cloudflare as a proxy (though it will work without it and have no data on the CF-specific headers)

Installation

Add the package via composer:

composer require pdphilip/cf-request

Then install with:

php artisan cf-request:install

Cloudflare Setup

Option 1: Via Cloudflare API

---

Step 1: Copy Zone ID

• Go to your Cloudflare dashboard
• Click on the domain you want to configure
• Copy the Zone ID
• Save in ENV as CF_API_ZONE_ID

Step 2: Create an API Token

• Navigate to: https://dash.cloudflare.com/profile/api-tokens
• Click on "Create Token"
• Select: Create Custom Token (Get started)

Token Configuration

• {Enter Token name}
• Permissions
  • Account: Account Rulesets: Edit
  • Zone: Transform Rules: Edit
• Account Resources
  • Include: All Accounts
• Zone Resources
  • Include: All Zones

• Create Token and Save in ENV as CF_API_TOKEN

Run the artisan command:

php artisan cf-request:headers

---

Option 2: Manually on Cloudflare

---

Navigate to "Modify Request Header"

• Go to your Cloudflare dashboard
• Click on the domain you want to configure
• Click on Menu "Rules" -> "Overview"
• Click on "+ Create Rule" -> select "Request Header Transform Rule"

Creating the rule

• Name: "Laravel Headers:
• Select "All incoming requests"
• Set the following headers:

Set dynamic
X-AGENT
http.user_agent

Set dynamic
X-IP
ip.src

Set dynamic
X-COUNTRY
ip.src.country

Set dynamic
X-CONTINENT
ip.src.continent

Set dynamic
X-CITY
ip.src.city

Set dynamic
X-POSTAL-CODE
ip.src.postal_code

Set dynamic
X-REGION
ip.src.region

Set dynamic
X-TIMEZONE
ip.src.timezone.name

Set dynamic
X-LAT
ip.src.lat

Set dynamic
X-LON
ip.src.lon

Set dynamic
X-REFERER
http.referer

Set dynamic
X-ASN
ip.src.asnum

Set dynamic
X-LANG
http.request.accepted_languages[0]

Set dynamic
X-IS-BOT
cf.client.bot

---

Usage

All the standard Laravel request methods are available, with the following additional methods:

CfRequest::country()

CfRequest::city()

CfRequest::region()

CfRequest::postalCode()

CfRequest::lat()

CfRequest::lon()

CfRequest::timezone()

CfRequest::isBot()

CfRequest::isMobile()

CfRequest::isTablet()

CfRequest::isDesktop()

CfRequest::isTv()

CfRequest::deviceType()

CfRequest::deviceBrand()

CfRequest::deviceModel()

CfRequest::os()

CfRequest::osVersion()

CfRequest::osFamily()

CfRequest::browser()

CfRequest::browserVersion()

CfRequest::browserName()

CfRequest::browserFamily()

CfRequest::referer()

CfRequest::refererDomain()

CfRequest::asn()

CfRequest::lang()

You can use the CfRequest facade or inject the CfRequest $request class into your controller methods.

Testing headers

• This package comes with a test route that will display the headers being parsed from Cloudflare.
• You can access this route by visiting /cf-request/status on your application.
• You can disable this in the config file or by setting the CF_ALLOW_STATUS_VIEW environment variable to false.

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Credits

• David Philip

License

The MIT License (MIT). Please see License File for more information.