Block access to a URL or system folder path

3

Hi, I'm trying to block administrative access from my site and release it for only a few ips. I can do this using the .htacess well quiet but the problem is that I have the adminstrative module and the module frontend and .htaccess of the web folder blocks the whole system and not only the administrative one. I wanted to know how to make it block access through the url or the admin folder. I tried to use .htaccess and .htpasswd in the login folder but did not scroll.

Has anyone had this idea yet?

    
asked by anonymous 21.12.2015 / 12:10

1 answer

1

With the access_control directive of the Symfony security configuration, it is quite easy to do this.

Here are some examples from the symfony website itself:

Symfony

security:
    # ...
    access_control:
        - { path: ^/admin, roles: ROLE_USER_IP, ip: 127.0.0.1 }
        - { path: ^/admin, roles: ROLE_USER_HOST, host: symfony\.com$ }
        - { path: ^/admin, roles: ROLE_USER_METHOD, methods: [POST, PUT] }
        - { path: ^/admin, roles: ROLE_USER }

In each of the access_control directive entries you can enter four settings:

  • path (which defines by which path the administrative part is accessible)
  • ip or ips (which defines which IPs have access to the administrative part)
  • host (which defines through which host the administrative part is accessible)
  • methods (which defines the allowed methods in the administrative part)

You can also put an expression through the allow_if directive (for example, allow_if: "'127.0.0.1' == request.getClientIp() or has_role('ROLE_ADMIN')" ) and even force access to the administrative section to be done through HTTPS (using requires_channel: https ).

    
21.12.2015 / 12:17