Mich

Reputation: 65

Deny access in Symfony method unless you are in localhost

I want to know how to deny access to a controller method when it isn't being called from localhost. For example, I would like to allow access to the URL www.myweb.com/usermanagement only if you are on localhost.

I didn't find anything in the docs: https://symfony.com/doc/3.2/security.html

Upvotes: 0

Views: 1129

Answers (2)

Nek

Reputation: 3115

First, the solution of fxbt is great.

But you can also do it by using the firewall configuration in the security.yaml file: https://symfony.com/doc/3.2/security/firewall_restriction.html

# app/config/security.yml

# ...
security:
    firewalls:
        # This is a custom firewall area and may conflict with your existing firewall
        other_secured_area:
            host: ^localhost$
            pattern: ^/usermanagement

Another solution is to do it directly in the controller:

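// requires: use Symfony\Component\HttpFoundation\Request;
public function userManagement(Request $request)
{
    // Reject any request whose Host is not "localhost"
    if ($request->getHost() !== 'localhost') {
        // createAccessDeniedException() returns the exception object, so it is thrown without "new"
        throw $this->createAccessDeniedException();
    }
}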

In any case, be careful, because host security may not be the best security (it's possible to manipulate the host from the client in most cases).

Upvotes: 2
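
The caveat about the Host header in the answer above, shown as an added example that is not from either answer: it compares the `getHost()` check with a check on the client address for four constructed requests. It assumes PHP 7.1+ and symfony/http-foundation installed through Composer; `isLocalClient()` is a hypothetical helper name.

```php
<?php
// Added example, not from the original answers. Assumes symfony/http-foundation
// is installed via Composer; isLocalClient() is a hypothetical helper name.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HttpFoundation\IpUtils;
use Symfony\Component\HttpFoundation\Request;

/** True only when the address the connection came from is a loopback address. */
function isLocalClient(Request $request): bool
{
    // getClientIp() returns REMOTE_ADDR unless trusted proxies are configured
    $ip = $request->getClientIp();

    return $ip !== null && IpUtils::checkIp($ip, ['127.0.0.1', '::1']);
}

// Constructed sample requests: label => [Host header, REMOTE_ADDR]
$samples = [
    'local browser'           => ['localhost', '127.0.0.1'],
    'local browser over IPv6' => ['localhost', '::1'],
    'remote, Host: localhost' => ['localhost', '203.0.113.7'],
    'remote, normal Host'     => ['www.myweb.com', '203.0.113.7'],
];

foreach ($samples as $label => [$host, $remoteAddr]) {
    // Request::create() lets the server parameters be set explicitly
    $request = Request::create('/usermanagement', 'GET', [], [], [], [
        'HTTP_HOST'   => $host,
        'REMOTE_ADDR' => $remoteAddr,
    ]);

    printf(
        "%-25s host check: %-5s  ip check: %s\n",
        $label,
        $request->getHost() === 'localhost' ? 'allow' : 'deny',
        isLocalClient($request) ? 'allow' : 'deny'
    );
}
```

If the application sits behind a reverse proxy on the same machine, every request arrives from 127.0.0.1 unless trusted proxies are configured, so the address check depends on that configuration being correct.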

fxbt

Reputation: 2596

Look in the access_control documentation. You can use the allow_if key and do something like this:

access_control:
    - path: ^/usermanagement
      allow_if: "request.getHost() == 'localhost'"

Upvotes: 3
