Reputation: 1907
Symfony 2 app.php vs app_dev.php
I'm using the Symfony 2 php framework, which has a couple of different usage environments: development, production and test. The app.php front controller accesses the production environment and the app_dev.php front controller accesses the development environment. Can anyone familiar with Symfony advise what is the best way to restrict the development environment to developers? I don't want the development version of my web application to be viewable by users of my site, they should be restricted to using the production environment.
Upvotes: 3
Views: 10896
Answers (1)
Reputation: 105914
Well, out of the box, the standard distribution has an IP-based guard check at the top of the dev controller.
// This check prevents access to debug front controllers that are deployed by accident to production servers.
// Feel free to remove this, extend it, or make something more sophisticated.
if (isset($_SERVER['HTTP_CLIENT_IP'])
|| isset($_SERVER['HTTP_X_FORWARDED_FOR'])
|| !in_array(@$_SERVER['REMOTE_ADDR'], array(
'127.0.0.1',
'::1',
))
) {
header('HTTP/1.0 403 Forbidden');
exit('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
}
However, as the comments indicate, you aren't beholden to that approach. For example, if you're running Apache, you can add basic HTTP Authentication to the dev and test controllers.
Upvotes: 10
Related Questions
- starting with symfony 2 (app_dev.php works, app.php 404's)
- Why app_dev.php is available in production?
- Why does Symfony 2 use app_dev.php instead of one front controller?
- Symfony2 : Switching between app.php and app_dev.php, am I doing it right?
- What's the preferred way of deploying a Symfony2 application?
- Symfony, default use app.php
- From development (app_dev.php) to production (app.php) in Symfony2
- Symfony 2 app_dev.php vs app.php
- Symfony2 app.php works but not app_dev.php
- Symfony2 application structure best practices