Symfony2 IP restriction for all

I am trying to apply the IP restriction for specific routes in Symfony2, as described in the Symfony2 book. I don’t have user authentication; I just want my service to respond to requests coming from a specific IP address.

But I fail to apply the restriction (I always go through during my tests).

Here is my security.yml:

    jms_security_extra:
        secure_all_services: false
        expressions: true

    security:
        encoders:
            Symfony\Component\Security\Core\User\User: plaintext

        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

        providers:
            in_memory:
                memory:
                    users:
                        user: { password: userpass, roles: [ 'ROLE_USER' ] }
                        admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }

        firewalls:
            secured_area:
                pattern: ^/wsoa/tests
                anonymous: ~
                # http_basic:
                #     realm: "Secured Demo Area"

        access_control:
            #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
            #- { path: ^/_internal/secure, roles: IS_AUTHENTICATED_ANONYMOUSLY, ip: 127.0.0.1 }
            # THE RESTRICTION I'D LIKE (FOR EXAMPLE 127.0.0.1)
            - { path: ^/wsoa_products_tests, roles: IS_AUTHENTICATED_ANONYMOUSLY, ip: 127.0.0.1 }

And here is my route from routing.yml:

    wsoa_products_tests:
        pattern: /wsoa/tests
        defaults: { _controller: WsoaProductsBundle:Test:display }

Does anyone know how to make it work? Should I forget to do this in Symfony2 and do it using htaccess?

+4
3 answers

To limit the path to specific IP addresses only, you can add the following to security.yml access_control:

    - { path: ^/yourpath, roles: IS_AUTHENTICATED_ANONYMOUSLY, ips: [1.1.1.1, 2.2.2.2, ...] }
    - { path: ^/yourpath, roles: ROLE_NO_ACCESS }

And if you want to limit the full range of IP addresses, use an IP network mask, for example:

    - { path: ^/yourpath, roles: IS_AUTHENTICATED_ANONYMOUSLY, ips: [1.1.1.0/24] }
    - { path: ^/yourpath, roles: ROLE_NO_ACCESS }

Note. The IP addresses that I put here need to be replaced with the ones you want to limit. Also replace ^/yourpath with your actual path or subpath.

+4
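
As an added illustration (not part of the original posts, and a simplified Python model rather than Symfony's own code), this shows how access_control selects a rule: the path regex is tested against the URL path, an entry whose IP condition fails is skipped, and a request that matches no entry is not restricted. The rule sets and the 10.0.0.0/24 and 203.0.113.7 addresses are constructed for the example.

```python
# Added example: simplified model of access_control rule selection, not Symfony's code.
import ipaddress
import re

ANON = "IS_AUTHENTICATED_ANONYMOUSLY"  # the only attribute an anonymous visitor holds


def rule_matches(rule, path, client_ip):
    """A rule applies only if every condition it declares matches the request."""
    # 'path' is a regex searched in the URL path; it is never compared to a route name.
    if not re.search(rule["path"], path):
        return False
    ips = rule.get("ips")
    if ips is None:
        return True  # no IP condition: the rule applies to every client
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in ips)


def decide(rules, path, client_ip):
    """Return 'allow' or 'deny' for an anonymous request; the first matching rule wins."""
    for rule in rules:
        if rule_matches(rule, path, client_ip):
            # Simplification: an anonymous visitor holds ANON and no other role.
            return "allow" if rule["roles"] == ANON else "deny"
    return "allow"  # no rule matched, so nothing is enforced


# Constructed rule sets mirroring the configurations on this page.
QUESTION = [{"path": r"^/wsoa_products_tests", "roles": ANON, "ips": ["127.0.0.1"]}]
PATH_FIXED_ONLY = [{"path": r"^/wsoa", "roles": ANON, "ips": ["127.0.0.1"]}]
WITH_DENY_RULE = PATH_FIXED_ONLY + [{"path": r"^/wsoa", "roles": "ROLE_NO_ACCESS"}]
CIDR = [{"path": r"^/wsoa", "roles": ANON, "ips": ["10.0.0.0/24"]},
        {"path": r"^/wsoa", "roles": "ROLE_NO_ACCESS"}]

if __name__ == "__main__":
    cases = [("question", QUESTION), ("path fixed only", PATH_FIXED_ONLY),
             ("with deny rule", WITH_DENY_RULE)]
    for name, rules in cases:
        for ip in ("127.0.0.1", "203.0.113.7"):
            print(f"{name:16} {ip:12} -> {decide(rules, '/wsoa/tests', ip)}")
```

Only the rule set with the trailing ROLE_NO_ACCESS entry denies the non-listed address; correcting the path alone still leaves the route open to other clients.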

I do not think you can use routes in the access_control configuration. Instead, try providing an alternate path, i.e.:

    - { path: ^/wsoa, roles: IS_AUTHENTICATED_ANONYMOUSLY, ip: 127.0.0.1 }

Then the routes to be protected use the prefix.

    wsoa_products_tests:
        pattern: /wsoa/tests
        defaults: { _controller: WsoaProductsBundle:Test:display }

Edit:

You can try creating a custom voter (http://symfony.com/doc/2.0/cookbook/security/voters.html).

Use the class suggested in this document, and then you can impose a voting method on something like:

    function vote(TokenInterface $token, $object, array $attributes)
    {
        $request = $this->container->get('request');
        $route = $request->get('_route');

        // I suggest passing the allowed routes in the service definition instead of
        // hardcoding here, but for example sake (the name must match routing.yml):
        if (in_array($route, array('wsoa_products_tests'))) {
            if (in_array($request->getClientIp(), $this->blacklistedIp)) {
                return VoterInterface::ACCESS_DENIED;
            }
        }

        return VoterInterface::ACCESS_ABSTAIN;
    }

+1

You can easily block IP and IP ranges using my package => https://github.com/Spomky/SpomkyIpFilterBundle

0