Skip to content

Vendor-neutral, engineer-written explanations. Clear definitions first, then practical steps with real examples — no fluff.

What is Middleware in Laravel?

SB
Written by StageBit Engineering Team
Updated January 2026 2 min readVerified by engineers

Middleware in Laravel is a layer that sits between a user’s request and the application. It can inspect, filter, or modify requests before they reach your controllers.

What Middleware Does in Laravel

Middleware acts like a checkpoint for HTTP requests. It decides whether a request should proceed or be blocked, and can also modify the request or response. Common uses include:

  • Checking if a user is authenticated
  • Verifying permissions or roles
  • Logging incoming requests
  • Handling security checks like CSRF protection

Real-Life Example: Office Security

Think of middleware as a security guard at the entrance of an office:

  • Visitor = User request
  • Security guard = Middleware
  • Office = Laravel application

How it works:

  1. A visitor comes to the office (user sends request)
  2. The security guard checks credentials (middleware checks rules)
  3. If allowed, the visitor enters (request reaches controller)
  4. If not allowed, the visitor is redirected or denied entry

Types of Middleware

  • Global Middleware: Runs for every request.
  • Route Middleware: Assigned to specific routes or route groups.
  • Terminable Middleware: Performs actions after the response is sent.

Creating Middleware

Use Artisan to generate a middleware class: 

php artisan make:middleware EnsureTokenIsValid

This creates a class in app/Http/Middleware, where you can define your rules. Example: allow access only if a token matches a secret value.

Assigning Middleware

  • Assign to routes: Route::get('/profile')->middleware(EnsureTokenIsValid::class);
  • Assign to groups: Route::middleware(['auth', 'subscribed'])->group(...);
  • Exclude from routes: ->withoutMiddleware([EnsureTokenIsValid::class])

Middleware Groups

Laravel allows grouping multiple middleware under one key for easier application:

  • Web group (routes/web.php)
  • API group (routes/api.php)

Modern Middleware Registration in Laravel 12

In Laravel 12, middleware configuration has moved from app/Http/Kernel.php to bootstrap/app.php: 

// Register middleware aliases
->withMiddleware(function (Middleware $middleware) {
    $middleware->alias([
        'admin' => \App\Http\Middleware\CheckAdmin::class,
    ]);
})

// Add global middleware
->withMiddleware(function (Middleware $middleware) {
    $middleware->append(\App\Http\Middleware\LogRequests::class);
})

// Modify default groups
$middleware->web(append: [
    \App\Http\Middleware\MyWebMiddleware::class,
]);

Why Middleware Is Important

  • Keeps controllers clean by removing repetitive checks
  • Improves security and access control
  • Allows request and response manipulation before or after controllers
  • Makes code easier to maintain and scale

Conclusion

Middleware in Laravel acts as a gatekeeper for requests. It ensures that requests follow rules before reaching the application and can also handle post-response tasks. Using middleware keeps your Laravel applications secure, organized, and easy to manage.

Related Answers

Laravel Common Issues With Laravel Deployment And Their Solution Laravel How to Optimize a Laravel Project’s Performance? Laravel What Are Some Recommended Hosting Providers For Laravel? Laravel How Do I Deploy a Laravel Application?

Was this answer helpful?

Your feedback helps us improve our answers.

Still need help?

Talk to our Laravel experts

We've handled GDPR/CCPA compliance for dozens of EU & US Laravel.

Talk to Laravel Experts

Tell us more about your brand!

Rohit Kundale, Our VP of Sales and Marketing is ready to meet with your team.