The most common solution to this is to restrict access to devices on your own network. This is a good case for using a middleware to make sure that the IP requesting access is one of the IPs on your corporate network:
<?php
namespace App\Http\Middleware;
use Closure;
class CorporateIP
{
public function handle($request, Closure $next)
{
$valid_addresses = ['xxx.xxx.xxx.xxx', 'xxx.xxx.xxx.xxx'];
if (!in_array($request->ip(), $valid_addresses)) {
abort(403);
}
return $next($request);
}
}
If you want to protect all routes, just register this class as a global middleware on your app/Http/Kernel.php
.