Http Requests Monitoring

Monitor your application behaviour during incoming http requests.

PreviousInstallation & Set-up NextConfiguration

Last updated 4 months ago

Http Requests Monitoring

Monitor your application behaviour during incoming http requests.

Introduction

To activate inspection when your application is executed by an incoming http request you can use the WebRequestMonitoring middleware.

Thanks to the middleware you are free to decide on which routes you want activate monitoring, based on your routes configuration or on your personal monitoring preferences. WebRequestMonitoring middleware works like any other Laravel middleware you are familiar to.

If you use Laravel Octane to serve your application you should use the specialized middleware instead. .

Option 1 - Append to the middleware groups (recommended)

Laravel 11

You should append the Inspector middleware in the bootstrap/app.php file for web and api middleware groups, so in two lines of code you'll intercept all incoming http requests:

boostrap/app.php

use \Inspector\Laravel\Middleware\WebRequestMonitoring;

return Application::configure(basePath: dirname(__DIR__))
    ->withMiddleware(function (Middleware $middleware) {
        // Append the middleware
        $middleware->appendToGroup('web', WebRequestMonitoring::class)
            ->appendToGroup('api', WebRequestMonitoring::class);
    })
    ->create();

Previous Laravel versions (<= 10)

For previous Laravel version up to 10 you should append the Inspector middleware to the middleware gourps in the App\Http\Kernel class:

/**
 * The application's route middleware groups.
 *
 * @var  array
 */
protected $middlewareGroups = [
    'web' => [
        ...,
        \Inspector\Laravel\Middleware\WebRequestMonitoring::class,
    ],

    'api' => [
        ...,
        \Inspector\Laravel\Middleware\WebRequestMonitoring::class,
    ]
]

Option 2 - Assigning middleware to routes

In alternative you can assign the middleware to specific routes or group:

/*
 * Attach the "inspector" middleware in your routes
 */
Route::middleware(\Inspector\Laravel\Middleware\WebRequestMonitoring::class)
    ->group(function () {
        // Monitored routes here
    });

Ignore Http Requests

If you need to implement a custom logic to ignore requests, the middleware is also designed to be extended.

Overwriting the shouldRecorded() method, you can implement a custom condition to decide which routes should be ignored by Inspector.

Run the artisan command below to create a new middleware class:

php artisan make:middleware InspectorMonitoringMiddleware

In the new middleware class extend the Inspector middleware and override the shouldRecorded() method to implement your condition. Return back a boolean value to enable or disable monitoring:

use \Inspector\Laravel\Middleware\WebRequestMonitoring;

class InspectorMonitoringMiddleware extends WebRequestMonitoring
{
    /**
     * Determine if Inspector should record current request.
     *
     * @param \Illuminate\Http\Request $request
     * @return bool
     */
    protected function shouldRecorded($request): bool
    {
        // Only requests from your IP addresses should be recorded
        return in_array($request->ip(), ['xxx.xxx.xxx.xxx']);
    }
}

Returning true the current http request will be recorded in your dashboard, returning false the transaction will be completely ignored.

The last step is to use this new custom middleware instead of the original Inspector middleware.

Laravel 11

bootstrap/app.php

use App\Http\Middleware\InspectorMonitoringMiddleware;

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        // routes
    )
    ->withMiddleware(function (Middleware $middleware) {
        // Append the custom middleware
        $middleware->appendToGroup('web', InspectorMonitoringMiddleware::class)
            ->appendToGroup('api', InspectorMonitoringMiddleware::class);
    })
    ->withExceptions(function (Exceptions $exceptions) {
        //
    })->create();

Previosu Laravel version (<= 10)

app/Http/Kernel.php

use App\Http\Middleware\InspectorMonitoringMiddleware;

/**
 * The application's route middleware groups.
 *
 * @var  array
 */
protected $middlewareGroups = [
    'web' => [
        ...,
        //\Inspector\Laravel\Middleware\WebRequestMonitoring::class,
        InspectorMonitoringMiddleware::class,
    ],

    'api' => [
        ...,
        //\Inspector\Laravel\Middleware\WebRequestMonitoring::class,
        InspectorMonitoringMiddleware::class,
    ]
]

Hide sensible contents

You may hide sensible data from HTTP requests body and Headers like passwords, authorization token, etc. Inspector is able to detect that parameters in your request's content masking them with "******".

Simply add fields to the hidden_parameters array in the in inspector config file:

'hidden_parameters' => [
    'password',
    'password_confirmation',
    'Authorization',
    
    // Other fields here...
],

You can specify nested fields using the dot notation like user.password

PreviousInstallation & Set-up NextConfiguration

Last updated 4 months ago

Introduction

To activate inspection when your application is executed by an incoming http request you can use the WebRequestMonitoring middleware.

If you use Laravel Octane to serve your application you should use the specialized middleware instead. .

Option 1 - Append to the middleware groups (recommended)

Laravel 11

You should append the Inspector middleware in the bootstrap/app.php file for web and api middleware groups, so in two lines of code you'll intercept all incoming http requests:

boostrap/app.php

use \Inspector\Laravel\Middleware\WebRequestMonitoring;

return Application::configure(basePath: dirname(__DIR__))
    ->withMiddleware(function (Middleware $middleware) {
        // Append the middleware
        $middleware->appendToGroup('web', WebRequestMonitoring::class)
            ->appendToGroup('api', WebRequestMonitoring::class);
    })
    ->create();

Previous Laravel versions (<= 10)

For previous Laravel version up to 10 you should append the Inspector middleware to the middleware gourps in the App\Http\Kernel class:

/**
 * The application's route middleware groups.
 *
 * @var  array
 */
protected $middlewareGroups = [
    'web' => [
        ...,
        \Inspector\Laravel\Middleware\WebRequestMonitoring::class,
    ],

    'api' => [
        ...,
        \Inspector\Laravel\Middleware\WebRequestMonitoring::class,
    ]
]

Option 2 - Assigning middleware to routes

In alternative you can assign the middleware to specific routes or group:

/*
 * Attach the "inspector" middleware in your routes
 */
Route::middleware(\Inspector\Laravel\Middleware\WebRequestMonitoring::class)
    ->group(function () {
        // Monitored routes here
    });

Ignore Http Requests

Basic ignoring logic is supported by default via a simple configuration parameter. .

If you need to implement a custom logic to ignore requests, the middleware is also designed to be extended.

Overwriting the shouldRecorded() method, you can implement a custom condition to decide which routes should be ignored by Inspector.

Run the artisan command below to create a new middleware class:

php artisan make:middleware InspectorMonitoringMiddleware

In the new middleware class extend the Inspector middleware and override the shouldRecorded() method to implement your condition. Return back a boolean value to enable or disable monitoring:

use \Inspector\Laravel\Middleware\WebRequestMonitoring;

class InspectorMonitoringMiddleware extends WebRequestMonitoring
{
    /**
     * Determine if Inspector should record current request.
     *
     * @param \Illuminate\Http\Request $request
     * @return bool
     */
    protected function shouldRecorded($request): bool
    {
        // Only requests from your IP addresses should be recorded
        return in_array($request->ip(), ['xxx.xxx.xxx.xxx']);
    }
}

Returning true the current http request will be recorded in your dashboard, returning false the transaction will be completely ignored.

The last step is to use this new custom middleware instead of the original Inspector middleware.

Laravel 11

bootstrap/app.php

use App\Http\Middleware\InspectorMonitoringMiddleware;

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        // routes
    )
    ->withMiddleware(function (Middleware $middleware) {
        // Append the custom middleware
        $middleware->appendToGroup('web', InspectorMonitoringMiddleware::class)
            ->appendToGroup('api', InspectorMonitoringMiddleware::class);
    })
    ->withExceptions(function (Exceptions $exceptions) {
        //
    })->create();

Previosu Laravel version (<= 10)

app/Http/Kernel.php

use App\Http\Middleware\InspectorMonitoringMiddleware;

/**
 * The application's route middleware groups.
 *
 * @var  array
 */
protected $middlewareGroups = [
    'web' => [
        ...,
        //\Inspector\Laravel\Middleware\WebRequestMonitoring::class,
        InspectorMonitoringMiddleware::class,
    ],

    'api' => [
        ...,
        //\Inspector\Laravel\Middleware\WebRequestMonitoring::class,
        InspectorMonitoringMiddleware::class,
    ]
]

Hide sensible contents

Simply add fields to the hidden_parameters array in the in inspector config file:

'hidden_parameters' => [
    'password',
    'password_confirmation',
    'Authorization',
    
    // Other fields here...
],

You can specify nested fields using the dot notation like user.password