I've implemented it in an easier way (very much easier if you run a lot of
symfony-based websites on a server): simply deny access to your *_dev.php
files in the configuration of Apache. It does it the same way for .ht*
files. With deny from all, allow from <your ip> you can disable access
server-wide without changing any code.
>
> Fabian Lange wrote:
>
>> Add to all non production controllers:
>>
>> <?php
>> //This prevents accidental access to non production frontends
>> if (!in_array($_SERVER['REMOTE_ADDR'], array('127.0.0.1')))
>> {
>>   echo('Your IP '.$_SERVER['REMOTE_ADDR'].' is not in set of allowed IPs.');
>>   echo('Check '.__FILE__.' For more information. ');
>>   die();
>> }
>>
>> ?>
>
> This is surely the easiest and most secure way, but I'd like to
> discuss the configurability of this solution. I believe that we should
> not encourage editing front controller files by hand as it is the most
> fragile and vulnerable part of the whole application. Adding more
> flexibility (IP ranges, etc.) to the configuration is also very
> appreciated.
>
> Putting these IPs in the configuration files and checking them later
> in a symfony application is more convenient and allows for easily
> customised error pages. One may argue that this is less secure, but
> since we still use symfony for public front controllers this will
> surely not be the most vulnerable place in our site.
> >
>
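The server-wide rule described at the top of this message could look like the following. This is an added example, not configuration from the original post; the address 192.0.2.10 is a placeholder standing in for "<your ip>", and 127.0.0.1 is taken from the quoted PHP check.

```apache
# Added example: server-wide block for symfony development front controllers.
# 192.0.2.10 is a placeholder for "<your ip>"; replace it with your own address.

# Apache 2.2 syntax (the "deny from all, allow from" form named in the post).
# With "Order deny,allow" the Deny rule is evaluated first and a matching
# Allow rule overrides it, so only the listed addresses get through.
<FilesMatch "_dev\.php$">
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 192.0.2.10
</FilesMatch>

# Apache 2.4 equivalent; use this block instead of the one above, not both.
# <FilesMatch "_dev\.php$">
#     Require ip 127.0.0.1 192.0.2.10
# </FilesMatch>
```

Placed in the main server configuration rather than a single virtual host, the rule covers every site on the machine. If Apache sits behind a reverse proxy or load balancer, the address it compares is the proxy's, not the visitor's.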