Block access to a system URL or folder path

Viewed 551 times

3

Hi, I'm looking to block access to the administrative part of my site and allow it for only a few IPs. I can do this with .htaccess without trouble, but the problem is that I have the administrative module and the frontend module, and the .htaccess in the web folder blocks the whole system and not only the administrative part. I wanted to know how to make it block access by the URL or by the admin folder. I tried using .htaccess and .htpasswd in the login folder, but it didn't work.

Does anyone who has been through this have any ideas?

1 answer

1

With the access_control directive in Symfony's security configuration, this is quite easy to do.

See some examples from this article on Symfony's own website:

security:
    # ...
    access_control:
        - { path: ^/admin, roles: ROLE_USER_IP, ip: 127.0.0.1 }
        - { path: ^/admin, roles: ROLE_USER_HOST, host: symfony\.com$ }
        - { path: ^/admin, roles: ROLE_USER_METHOD, methods: [POST, PUT] }
        - { path: ^/admin, roles: ROLE_USER }

In each entry of the access_control directive it is possible to set four options:

  • path (defining by which route the administrative part is accessible)
  • ip or ips (defining which IPs have access to the administrative part)
  • host (defining through which host the administrative part is accessible)
  • methods (defining the methods permitted in the administrative part)

You can also put an expression through the directive allow_if (for example, allow_if: "'127.0.0.1' == request.getClientIp() or has_role('ROLE_ADMIN')") and even force access to the administrative section to be done through HTTPS (using requires_channel: https).
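The following is an added example, not part of the original answer and not Symfony code: a simplified Python model of first-match access_control evaluation, showing why an IP allowlist for /admin needs a catch-all deny entry after the ip-restricted one. The addresses, the ROLE_ADMIN and ROLE_NO_ACCESS role names and the function names are constructed for illustration; the host option is left out for brevity.

```python
import ipaddress
import re

# Simplified model (an assumption of this example) of access_control:
# the FIRST entry whose path/ips/methods all match the request is selected,
# and only that entry's role is then checked against the user.

def first_match(rules, path, client_ip, method="GET"):
    """Return the first rule matching the request, or None."""
    addr = ipaddress.ip_address(client_ip)
    for rule in rules:
        if not re.search(rule["path"], path):
            continue
        ips = rule.get("ips")
        if ips and not any(addr in ipaddress.ip_network(n, strict=False) for n in ips):
            continue  # an ip condition only narrows matching; it does not deny
        methods = rule.get("methods")
        if methods and method.upper() not in methods:
            continue
        return rule
    return None

def is_granted(rules, path, client_ip, user_roles, method="GET"):
    """True if the request passes access_control in this model."""
    rule = first_match(rules, path, client_ip, method)
    if rule is None:
        return True  # no entry matched: access_control imposes no restriction
    return rule["roles"] in user_roles

# Constructed sample: 203.0.113.0/28 stands for the allowed office range.
WEAK = [
    {"path": r"^/admin", "roles": "ROLE_ADMIN", "ips": ["203.0.113.0/28"]},
]
HARDENED = [
    {"path": r"^/admin", "roles": "ROLE_ADMIN", "ips": ["203.0.113.0/28"]},
    # Catch-all for every other address: a role that no user is ever given.
    {"path": r"^/admin", "roles": "ROLE_NO_ACCESS"},
]

if __name__ == "__main__":
    outside = "198.51.100.7"  # constructed address outside the allowlist
    print("weak, outside IP:    ", is_granted(WEAK, "/admin/users", outside, set()))
    print("hardened, outside IP:", is_granted(HARDENED, "/admin/users", outside, {"ROLE_ADMIN"}))
    print("frontend untouched:  ", is_granted(HARDENED, "/shop", outside, set()))
```

When the application runs behind a reverse proxy or load balancer, the client IP compared here is only meaningful if the framework's trusted proxy settings are configured correctly.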

  • But does that work for Symfony 1.4?

  • I don’t think so. I saw the security configuration of Symfony 1.4 and it is very raw: http://symfony.com/legacy/doc/reference/1_4/en/08-Security. It might be a good idea to upgrade the Symfony version on your system, since security is so crucial and it is built on top of a version that is no longer maintained - therefore potentially insecure.

  • True, I know. It's just that I needed to build a system with a framework based on Symfony 1.4 here at the company. So I won't be able to build another enterprise framework in version 2.0 or 3.0 for lack of time. But I'll see what I can do in version 1.4.

  • Maybe it's a good idea to put the administrative section on a separate virtual host and put the access rules, such as the allowed IPs, there. If you think it's a good idea, tell me and I'll post another answer.
