Firewall solution for Laravel

I am getting an amount of suspicious requests to one of my applications. They are all occurring to an URL endpoint that doesn't exist and some that highly suggests it's from users who have bad intentions such as /.env and 1 to /.well-known/security.txt which suggests someone wants to report a security issue (or more likely just want to find an email to spam).

The application is for a closed small group of people so requests such as the first, which was from Netherlands, are for sure not wanted and I would like to block the IP for something like 1 month.

However how do I do this best? I have looked at DigitalOceans firewall, unfortunately it's very limited and only allow general blocking with whitelist rules, not general unblocking with blacklist rules. I could make a soft-firewall with Laravel that blocks all IPs from a database table, but this doesn't really prevent anything if there's a security flaw in the software.

Another option is to use Ubuntus ufw, but the best option would be some service with an API access. I know the service Sqreen.io, which can do it, but it's either very costly or required to have a badge on our product which I cannot convince the client to allow (Don't ask me why).

What are your experiences for this kind cases?