diff --git a/application/common.php b/application/common.php
index 67bf8e02..fa160030 100755
--- a/application/common.php
+++ b/application/common.php
@@ -460,3 +460,21 @@ if (!function_exists('xss_clean')) {
 return \app\common\library\Security::instance()->xss_clean($content, $is_image);
 }
 }
+
+if (!function_exists('check_ip_allowed')) {
+ /**
+ * 检测IP是否允许
+ * @param string $ip IP地址
+ */
+ function check_ip_allowed($ip = null)
+ {
+ $ip = is_null($ip) ? request()->ip() : $ip;
+ $forbiddenipArr = config('site.forbiddenip');
+ $forbiddenipArr = !$forbiddenipArr ? [] : $forbiddenipArr;
+ $forbiddenipArr = is_array($forbiddenipArr) ? $forbiddenipArr : array_filter(explode("\n", str_replace("\r\n", "\n", $forbiddenipArr)));
+ if ($forbiddenipArr && \Symfony\Component\HttpFoundation\IpUtils::checkIp($ip, $forbiddenipArr)) {
+ header('HTTP/1.1 403 Forbidden');
+ exit;
+ }
+ }
+}
diff --git a/application/common/controller/Api.php b/application/common/controller/Api.php
index 54cbcc0a..87e9c6f7 100644
--- a/application/common/controller/Api.php
+++ b/application/common/controller/Api.php
@@ -95,6 +95,9 @@ class Api
 //跨域请求检测
 check_cors_request();
 
+ // 检测IP是否允许
+ check_ip_allowed();
+
 //移除HTML标签
 $this->request->filter('trim,strip_tags,htmlspecialchars');
 
diff --git a/application/common/controller/Backend.php b/application/common/controller/Backend.php
index e318a6a3..27bce621 100644
--- a/application/common/controller/Backend.php
+++ b/application/common/controller/Backend.php
@@ -131,6 +131,9 @@ class Backend extends Controller
 // 定义是否AJAX请求
 !defined('IS_AJAX') && define('IS_AJAX', $this->request->isAjax());
 
+ // 检测IP是否允许
+ check_ip_allowed();
+
 $this->auth = Auth::instance();
 
 // 设置当前请求的URI
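Review bot: The entries of `site.forbiddenip` are split and filtered but never trimmed, so a line carrying trailing whitespace reaches `IpUtils::checkIp`, where `ip2long` rejects it and the entry silently never matches — the operator believes the address is blocked when it is not. Trim each entry before the check: `$forbiddenipArr = array_filter(array_map('trim', explode("\n", str_replace("\r\n", "\n", $forbiddenipArr))));`. The decision is also only as trustworthy as `request()->ip()`; if that helper honours proxy-supplied forwarded headers in this ThinkPHP configuration (not visible from the hunk), the list is matched against a client-influenced value and should be paired with the framework's trusted-proxy setting. The `header('HTTP/1.1 403 Forbidden'); exit;` path emits no log entry and bypasses the framework response, so blocked requests leave no trace for operators; writing one log line before `exit` would fix that. The docblock should state the termination behaviour and the nullable parameter, e.g. `* Sends 403 and exits when $ip matches config('site.forbiddenip').` and `@param string|null $ip IP地址 (defaults to the current request IP)`.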
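Review bot: The same `check_ip_allowed();` call is pasted into three base-controller initializers (this hunk, the Backend.php hunk at line 131 and the Frontend.php hunk), so the block-list only covers controllers that inherit from one of them; a controller extending `think\Controller` directly is left unchecked. The enclosing method starts and ends outside the hunk, so I cannot see whether a framework-level hook (behavior or middleware) is available, but running the check once there would remove the duplication and make the coverage uniform. Here it also runs after `check_cors_request()`, whereas in Backend.php it precedes `Auth::instance()`; placing it first in each initializer keeps the work done on behalf of a rejected client to a minimum.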
@@ -540,7 +543,7 @@ class Backend extends Controller
 if ($primaryvalue !== null && preg_match("/^[a-z0-9_\-]+$/i", $primarykey)) {
 $primaryvalue = array_unique(is_array($primaryvalue) ? $primaryvalue : explode(',', $primaryvalue));
 //修复自定义data-primary-key为字符串内容时,给排序字段添加上引号
- $primaryvalue= array_map(function ($value) {
+ $primaryvalue = array_map(function ($value) {
 return '\'' . $value . '\'';
 }, $primaryvalue);
diff --git a/application/common/controller/Frontend.php b/application/common/controller/Frontend.php
index f76fda0f..9464e895 100644
--- a/application/common/controller/Frontend.php
+++ b/application/common/controller/Frontend.php
@@ -48,6 +48,9 @@ class Frontend extends Controller
 $controllername = Loader::parseName($this->request->controller());
 $actionname = strtolower($this->request->action());
 
+ // 检测IP是否允许
+ check_ip_allowed();
+
 // 如果有使用模板布局
 if ($this->layout) {
 $this->view->engine->layout('layout/' . $this->layout);